/**
* Display a reminder to execute the security check script
*
* @return string HTML for security reminder (or empty string)
*/
function security_check_reminder()
{
global $_CONF, $_TABLES, $_IMAGE_TYPE, $MESSAGE;
$retval = '';
if (!SEC_inGroup('Root')) {
return $retval;
}
$done = DB_getItem($_TABLES['vars'], 'value', "name = 'security_check'");
if ($done != 1) {
$retval .= COM_showMessage(92);
}
return $retval;
}
/**
* Save a group to the database
*
* @param string $grp_id ID of group to save
* @param string $grp_name Group Name
* @param string $grp_descr Description of group
* @param boolean $grp_admin Flag that indicates this is an admin use group
* @param boolean $grp_gl_core Flag that indicates if this is a core Geeklog group
* @param boolean $grp_default Flag that indicates if this is a default group
* @param boolean $grp_applydefault Flag that indicates whether to apply a change in $grp_default to all existing user accounts
* @param array $features Features the group has access to
* @param array $groups Groups this group will belong to
* @return string HTML refresh or error message
*
*/
function savegroup($grp_id, $grp_name, $grp_descr, $grp_admin, $grp_gl_core, $grp_default, $grp_applydefault, $features, $groups)
{
global $_CONF, $_TABLES, $_USER, $LANG_ACCESS, $_GROUP_VERBOSE;
$retval = '';
if (!empty($grp_name) && !empty($grp_descr)) {
$GroupAdminGroups = SEC_getUserGroups();
if (!empty($grp_id) && $grp_id > 0 && !in_array($grp_id, $GroupAdminGroups) && !SEC_groupIsRemoteUserAndHaveAccess($grp_id, $GroupAdminGroups)) {
COM_accessLog("User {$_USER['username']} tried to edit group '{$grp_name}' ({$grp_id}) with insufficient privileges.");
return COM_refresh($_CONF['site_admin_url'] . '/group.php');
}
if ($grp_gl_core == 1 and !is_array($features)) {
COM_errorLog("Sorry, no valid features were passed to this core group ({$grp_id}) and saving could cause problem...bailing.");
return COM_refresh($_CONF['site_admin_url'] . '/group.php');
}
// group names have to be unique, so check if this one exists already
$g_id = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name = '{$grp_name}'");
if ($g_id > 0) {
if (empty($grp_id) || $grp_id != $g_id) {
// there already is a group with that name - complain
$retval .= COM_showMessageText($LANG_ACCESS['groupexistsmsg'], $LANG_ACCESS['groupexists']) . editgroup($grp_id);
$retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG_ACCESS['groupeditor']));
return $retval;
}
}
$grp_descr = COM_stripslashes($grp_descr);
$grp_descr = DB_escapeString($grp_descr);
$grp_applydefault_add = true;
if (empty($grp_id)) {
DB_save($_TABLES['groups'], 'grp_name,grp_descr,grp_gl_core,grp_default', "'{$grp_name}','{$grp_descr}',{$grp_gl_core},{$grp_default}");
$grp_id = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name = '{$grp_name}'");
$new_group = true;
} else {
if ($grp_applydefault == 1) {
// check if $grp_default changed
$old_default = DB_getItem($_TABLES['groups'], 'grp_default', "grp_id = {$grp_id}");
if ($old_default == $grp_default) {
// no change required
$grp_applydefault = 0;
} elseif ($old_default == 1) {
$grp_applydefault_add = false;
}
}
DB_save($_TABLES['groups'], 'grp_id,grp_name,grp_descr,grp_gl_core,grp_default', "{$grp_id},'{$grp_name}','{$grp_descr}',{$grp_gl_core},{$grp_default}");
$new_group = false;
}
if (empty($grp_id) || $grp_id < 1) {
// "this shouldn't happen"
COM_errorLog("Internal error: invalid group id");
$retval .= COM_showMessage(95);
$retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG_ACCESS['groupeditor']));
return $retval;
}
// Use the field grp_gl_core to indicate if this non-core GL Group
// is an Admin related group
if ($grp_gl_core != 1 and $grp_id > 1) {
if ($grp_admin == 1) {
DB_query("UPDATE {$_TABLES['groups']} SET grp_gl_core=2 WHERE grp_id={$grp_id}");
} else {
DB_query("UPDATE {$_TABLES['groups']} SET grp_gl_core=0 WHERE grp_id={$grp_id}");
}
}
// now save the features
DB_delete($_TABLES['access'], 'acc_grp_id', $grp_id);
$num_features = count($features);
if (SEC_inGroup('Root')) {
foreach ($features as $f) {
DB_query("INSERT INTO {$_TABLES['access']} (acc_ft_id,acc_grp_id) VALUES ({$f},{$grp_id})");
}
} else {
$GroupAdminFeatures = SEC_getUserPermissions();
$availableFeatures = explode(',', $GroupAdminFeatures);
foreach ($features as $f) {
if (in_array($f, $availableFeatures)) {
DB_query("INSERT INTO {$_TABLES['access']} (acc_ft_id,acc_grp_id) VALUES ({$f},{$grp_id})");
}
}
}
if ($_GROUP_VERBOSE) {
COM_errorLog('groups = ' . $groups);
COM_errorLog("deleting all group_assignments for group {$grp_id}/{$grp_name}", 1);
}
DB_delete($_TABLES['group_assignments'], 'ug_grp_id', $grp_id);
if (!empty($groups)) {
foreach ($groups as $g) {
if (in_array($g, $GroupAdminGroups)) {
if ($_GROUP_VERBOSE) {
COM_errorLog("adding group_assignment {$g} for {$grp_name}", 1);
}
$sql = "INSERT INTO {$_TABLES['group_assignments']} (ug_main_grp_id, ug_grp_id) VALUES ({$g},{$grp_id})";
DB_query($sql);
}
}
}
// Make sure Root group belongs to any new group
if (DB_getItem($_TABLES['group_assignments'], 'COUNT(*)', "ug_main_grp_id = {$grp_id} AND ug_grp_id = 1") == 0) {
DB_query("INSERT INTO {$_TABLES['group_assignments']} (ug_main_grp_id, ug_grp_id) VALUES ({$grp_id}, 1)");
}
// make sure this Group Admin belongs to the new group
if (!SEC_inGroup('Root')) {
if (DB_count($_TABLES['group_assignments'], 'ug_uid', "(ug_uid = {$_USER['uid']}) AND (ug_main_grp_id = {$grp_id})") == 0) {
DB_query("INSERT INTO {$_TABLES['group_assignments']} (ug_main_grp_id, ug_uid) VALUES ({$grp_id},{$_USER['uid']})");
}
}
if ($grp_applydefault == 1) {
applydefaultgroup($grp_id, $grp_applydefault_add);
}
if ($new_group) {
PLG_groupChanged($grp_id, 'new');
} else {
PLG_groupChanged($grp_id, 'edit');
}
if (isset($_REQUEST['chk_showall']) && $_REQUEST['chk_showall'] == 1) {
return COM_refresh($_CONF['site_admin_url'] . '/group.php?msg=49&chk_showall=1');
} else {
return COM_refresh($_CONF['site_admin_url'] . '/group.php?msg=49');
}
} else {
$retval .= COM_showMessageText($LANG_ACCESS['missingfieldsmsg'], $LANG_ACCESS['missingfields']) . editgroup($grp_id);
$retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG_ACCESS['groupeditor']));
return $retval;
}
}
function LIB_Edit($pi_name, $id, $edt_flg, $msg = '', $errmsg = "", $mode = "edit")
{
global $_CONF;
global $_TABLES;
global $LANG_ADMIN;
global $MESSAGE;
global $LANG_ACCESS;
global $_USER;
$lang_box_admin = "LANG_" . strtoupper($pi_name) . "_ADMIN";
global ${$lang_box_admin};
$lang_box_admin = ${$lang_box_admin};
$lang_box = "LANG_" . strtoupper($pi_name);
global ${$lang_box};
$lang_box = ${$lang_box};
$lang_box_noyes = "LANG_" . strtoupper($pi_name) . "_NOYES";
global ${$lang_box_noyes};
$lang_box_noyes = ${$lang_box_noyes};
$lang_box_inputtype = "LANG_" . strtoupper($pi_name) . "_INPUTTYPE";
global ${$lang_box_inputtype};
$lang_box_inputtype = ${$lang_box_inputtype};
$table = $_TABLES[strtoupper($pi_name) . '_def_group'];
$table1 = $_TABLES[strtoupper($pi_name) . '_def_category'];
$table2 = $_TABLES[strtoupper($pi_name) . '_def_field'];
// $cur_year = date( 'Y' );
// $year_startoffset=1990 - $cur_year +1;
// $year_endoffset=0;
$retval = '';
$delflg = false;
//メッセージ表示
if (!empty($msg)) {
$retval .= COM_showMessage($msg, $pi_name);
$retval .= $errmsg;
// clean 'em up
$code = COM_applyFilter($_POST['code']);
$name = COM_applyFilter($_POST['name']);
$description = $_POST['description'];
//COM_applyFilter($_POST['description']);
$orderno = COM_applyFilter($_POST['orderno']);
$parent_flg = COM_applyFilter($_POST['parent_flg'], true);
$input_type = COM_applyFilter($_POST['input_type'], true);
$uuid = $_USER['uid'];
} else {
if (empty($id)) {
$id = 0;
$code = "";
$name = "";
$description = "";
$orderno = "";
$parent_flg = 0;
$uuid = 0;
$udatetime = "";
//"";
} else {
$sql = "SELECT ";
$sql .= " *";
$sql .= " ,UNIX_TIMESTAMP(udatetime) AS udatetime_un" . LB;
$sql .= " FROM ";
$sql .= $table;
$sql .= " WHERE ";
$sql .= " group_id = {$id}";
$result = DB_query($sql);
$A = DB_fetchArray($result);
$code = COM_stripslashes($A['code']);
$name = COM_stripslashes($A['name']);
$description = COM_stripslashes($A['description']);
$orderno = COM_stripslashes($A['orderno']);
$parent_flg = COM_stripslashes($A['parent_flg']);
$input_type = COM_stripslashes($A['input_type']);
$uuid = COM_stripslashes($A['uuid']);
$wary = COM_getUserDateTimeFormat(COM_stripslashes($A['udatetime_un']));
$udatetime = $wary[0];
if ($edt_flg == FALSE) {
$delflg = true;
}
}
}
if ($mode === "copy") {
$id = 0;
//作成日付
$created = 0;
$created_month = 0;
$created_day = 0;
$created_year = 0;
$created_hour = 0;
$created_minute = 0;
//
$delflg = false;
}
$retval .= COM_startBlock($lang_box_admin['edit'], '', COM_getBlockTemplate('_admin_block', 'header'));
$tmplfld = DATABOX_templatePath('admin', 'default', $pi_name);
$templates = new Template($tmplfld);
$templates->set_file('editor', "group_editor.thtml");
//--
$templates->set_var('about_thispage', $lang_box_admin['about_admin_group']);
$templates->set_var('lang_must', $lang_box_admin['must']);
$templates->set_var('site_url', $_CONF['site_url']);
$templates->set_var('site_admin_url', $_CONF['site_admin_url']);
$token = SEC_createToken();
$retval .= SEC_getTokenExpiryNotice($token);
$templates->set_var('gltoken_name', CSRF_TOKEN);
$templates->set_var('gltoken', $token);
$templates->set_var('xhtml', XHTML);
$templates->set_var('script', THIS_SCRIPT);
//
$templates->set_var('lang_link_admin', $lang_box_admin['link_admin']);
$templates->set_var('lang_link_admin_top', $lang_box_admin['link_admin_top']);
//id
$templates->set_var('lang_group_id', $lang_box_admin['group_id']);
$templates->set_var('id', $id);
//コード、名前&説明
$templates->set_var('lang_code', $lang_box_admin['code']);
$templates->set_var('code', $code);
$templates->set_var('lang_name', $lang_box_admin['name']);
$templates->set_var('name', $name);
$templates->set_var('lang_description', $lang_box_admin['description']);
$templates->set_var('description', $description);
//順番
$templates->set_var('lang_orderno', $lang_box_admin['orderno']);
$templates->set_var('orderno', $orderno);
//親ブループ?
$templates->set_var('lang_parent_flg', $lang_box_admin['parent_flg']);
$list_parent_flg = DATABOX_getradiolist($lang_box_noyes, "parent_flg", $parent_flg);
$templates->set_var('list_parent_flg', $list_parent_flg);
//入力タイプ
$templates->set_var('lang_input_type', $lang_box_admin['input_type']);
$list_input_type = DATABOX_getradiolist($lang_box_inputtype, "input_type", $input_type);
$templates->set_var('list_input_type', $list_input_type);
//保存日時
$templates->set_var('lang_udatetime', $lang_box_admin['udatetime']);
$templates->set_var('udatetime', $udatetime);
$templates->set_var('lang_uuid', $lang_box_admin['uuid']);
$templates->set_var('uuid', $uuid);
// SAVE、CANCEL ボタン
$templates->set_var('lang_save', $LANG_ADMIN['save']);
$templates->set_var('lang_cancel', $LANG_ADMIN['cancel']);
$templates->set_var('lang_preview', $LANG_ADMIN['preview']);
//delete_option
if ($delflg) {
$wkcnt = DB_count($table1, "categorygroup_id", $id);
if ($wkcnt > 0) {
$templates->set_var('lang_delete_help', $lang_box_admin['delete_help_group']);
} else {
$delbutton = '<input type="submit" value="' . $LANG_ADMIN['delete'] . '" name="mode"%s>';
$jsconfirm = ' onclick="return confirm(\'' . $MESSAGE[76] . '\');"';
$templates->set_var('delete_option', sprintf($delbutton, $jsconfirm));
}
}
//
$templates->parse('output', 'editor');
$retval .= $templates->finish($templates->get_var('output'));
$retval .= COM_endBlock(COM_getBlockTemplate('_admin_block', 'footer'));
return $retval;
}
/**
* Updates a plugin (call its upgrade function).
*
* @param string $pi_name name of the plugin to uninstall
* @return string HTML for error or success message
*
*/
function do_update($pi_name)
{
global $_CONF, $LANG32;
$retval = '';
if (!empty($pi_name)) {
$result = PLG_upgrade($pi_name);
if ($result > 0) {
if ($result === TRUE) {
// Catch returns that are just true/false
PLG_pluginStateChange($pi_name, 'upgraded');
$retval = COM_refresh($_CONF['site_admin_url'] . '/plugins.php?msg=60');
} else {
// Plugin returned a message number
$retval = COM_refresh($_CONF['site_admin_url'] . '/plugins.php?msg=' . $result . '&plugin=' . $pi_name);
}
return $retval;
} else {
// Plugin function returned a false
$retval = COM_showMessage(95);
}
} else {
// no plugin name given
$retval = COM_showMessageText($LANG32[12], $LANG32[13]);
}
$retval = COM_siteHeader('menu', $LANG32[13]) . $retval . COM_siteFooter();
return $retval;
}
/**
* Create the banner list depending on the category given
*
* @param array $message message(s) to display
* @return string the banner page
*
*/
function banner_list($message)
{
global $_CONF, $_TABLES, $_BAN_CONF, $LANG_BANNER_ADMIN, $LANG_BANNER, $LANG_BANNER_STATS;
$cid = $_BAN_CONF['root'];
$display = '';
if (isset($_GET['category'])) {
$cid = strip_tags(COM_stripslashes($_GET['category']));
} elseif (isset($_POST['category'])) {
$cid = strip_tags(COM_stripslashes($_POST['category']));
}
$cat = addslashes($cid);
$page = 0;
if (isset($_GET['page'])) {
$page = COM_applyFilter($_GET['page'], true);
}
if ($page == 0) {
$page = 1;
}
if (empty($cid)) {
if ($page > 1) {
$page_title = sprintf($LANG_BANNER[114] . ' (%d)', $page);
} else {
$page_title = $LANG_BANNER[114];
}
} else {
if ($cid == $_BAN_CONF['root']) {
$category = $LANG_BANNER['root'];
} else {
$category = DB_getItem($_TABLES['bannercategories'], 'category', "cid = '{$cat}'");
}
if ($page > 1) {
$page_title = sprintf($LANG_BANNER[114] . ': %s (%d)', $category, $page);
} else {
$page_title = sprintf($LANG_BANNER[114] . ': %s', $category);
}
}
// Check has access to this category
if ($cid != $_BAN_CONF['root']) {
$result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['bannercategories']} WHERE cid='{$cat}'");
$A = DB_fetchArray($result);
if (SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']) < 2) {
$display .= COM_siteHeader('menu', $page_title);
$display .= COM_showMessage(5, 'banner');
$display .= COM_siteFooter();
echo $display;
exit;
}
}
$display .= COM_siteHeader('menu', $page_title);
if (is_array($message) && !empty($message[0])) {
$display .= COM_startBlock($message[0], '', COM_getBlockTemplate('_msg_block', 'header'));
$display .= $message[1];
$display .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
} else {
if (isset($_REQUEST['msg'])) {
$msg = COM_applyFilter($_REQUEST['msg'], true);
if ($msg > 0) {
$display .= COM_showMessage($msg, 'banner');
}
}
}
$bannerlist = new Template($_CONF['path'] . 'plugins/banner/templates/');
$bannerlist->set_file(array('bannerlist' => 'banner.thtml', 'catbanner' => 'categorybanner.thtml', 'banner' => 'bannerdetails.thtml', 'catnav' => 'categorynavigation.thtml', 'catrow' => 'categoryrow.thtml', 'catcol' => 'categorycol.thtml', 'actcol' => 'categoryactivecol.thtml', 'pagenav' => 'pagenavigation.thtml', 'catdrop' => 'categorydropdown.thtml'));
$bannerlist->set_var('xhtml', XHTML);
$bannerlist->set_var('blockheader', COM_startBlock($LANG_BANNER[114]));
$bannerlist->set_var('layout_url', $_CONF['layout_url']);
if ($_BAN_CONF['bannercols'] > 0) {
// Create breadcrumb trail
$bannerlist->set_var('breadcrumbs', banner_breadcrumbs($_BAN_CONF['root'], $cid));
// Set dropdown for category jump
$bannerlist->set_var('lang_go', $LANG_BANNER[124]);
$bannerlist->set_var('banner_dropdown', banner_select_box(2, $cid));
// Show categories
$sql = "SELECT cid,pid,category,description FROM {$_TABLES['bannercategories']} WHERE pid='{$cat}'";
$sql .= COM_getLangSQL('cid', 'AND');
$sql .= COM_getPermSQL('AND') . " ORDER BY category";
$result = DB_query($sql);
$nrows = DB_numRows($result);
if ($nrows > 0) {
$bannerlist->set_var('lang_categories', $LANG_BANNER_ADMIN[14]);
for ($i = 1; $i <= $nrows; $i++) {
$C = DB_fetchArray($result);
// Get number of child banner user can see in this category
$ccid = addslashes($C['cid']);
$result1 = DB_query("SELECT COUNT(*) AS count FROM {$_TABLES['banner']} WHERE cid='{$ccid}'" . COM_getPermSQL('AND'));
$D = DB_fetchArray($result1);
// Get number of child categories user can see in this category
$result2 = DB_query("SELECT COUNT(*) AS count FROM {$_TABLES['bannercategories']} WHERE pid='{$ccid}'" . COM_getPermSQL('AND'));
$E = DB_fetchArray($result2);
// Format numbers for display
$display_count = '';
// don't show zeroes
if ($E['count'] > 0) {
$display_count = COM_numberFormat($E['count']);
}
if ($E['count'] > 0 && $D['count'] > 0) {
$display_count .= ', ';
}
if ($D['count'] > 0) {
$display_count .= COM_numberFormat($D['count']);
}
// add brackets if child items exist
if ($display_count != '') {
$display_count = '(' . $display_count . ')';
}
$bannerlist->set_var('category_name', $C['category']);
if ($_BAN_CONF['show_category_descriptions']) {
$bannerlist->set_var('category_description', $C['description']);
} else {
$bannerlist->set_var('category_description', '');
}
$bannerlist->set_var('category_link', $_CONF['site_url'] . '/banner/index.php?category=' . urlencode($C['cid']));
$bannerlist->set_var('category_count', $display_count);
$bannerlist->set_var('width', floor(100 / $_BAN_CONF['bannercols']));
if (!empty($cid) && $cid == $C['cid']) {
$bannerlist->parse('category_col', 'actcol', true);
} else {
$bannerlist->parse('category_col', 'catcol', true);
}
if ($i % $_BAN_CONF['bannercols'] == 0) {
$bannerlist->parse('category_row', 'catrow', true);
$bannerlist->set_var('category_col', '');
}
}
if ($nrows % $_BAN_CONF['bannercols'] != 0) {
$bannerlist->parse('category_row', 'catrow', true);
}
$bannerlist->parse('category_navigation', 'catnav', true);
} else {
$bannerlist->set_var('category_navigation', '');
}
} else {
$bannerlist->set_var('category_navigation', '');
}
if ($_BAN_CONF['bannercols'] == 0) {
$bannerlist->set_var('category_dropdown', '');
} else {
$bannerlist->parse('category_dropdown', 'catdrop', true);
}
$bannerlist->set_var('site_url', $_CONF['site_url']);
$bannerlist->set_var('cid', $cid);
$bannerlist->set_var('cid_plain', $cid);
$bannerlist->set_var('cid_encoded', urlencode($cid));
$bannerlist->set_var('lang_addabanner', $LANG_BANNER[116]);
// Build SQL for banner
$sql = 'SELECT bid,cid,url,description,title,hits,owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon';
$from_where = " FROM {$_TABLES['banner']}";
if ($_BAN_CONF['bannercols'] > 0) {
if (!empty($cid)) {
$from_where .= " WHERE cid='" . addslashes($cid) . "'";
} else {
$from_where .= " WHERE cid=''";
}
$from_where .= ' AND (publishstart IS NULL OR publishstart < NOW()) and (publishend IS NULL OR publishend > NOW())';
$from_where .= COM_getPermSQL('AND');
} else {
$from_where .= COM_getPermSQL();
}
$order = ' ORDER BY cid ASC,title';
$limit = '';
if ($_BAN_CONF['bannerperpage'] > 0) {
if ($page < 1) {
$start = 0;
} else {
$start = ($page - 1) * $_BAN_CONF['bannerperpage'];
}
$limit = ' LIMIT ' . $start . ',' . $_BAN_CONF['bannerperpage'];
}
$result = DB_query($sql . $from_where . $order . $limit);
$nrows = DB_numRows($result);
if ($nrows == 0) {
if ($cid == $_BAN_CONF['root'] && $page <= 1 && $_BAN_CONF['show_top10']) {
$result = DB_query("SELECT bid,url,title,description,hits,owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['banner']} WHERE (hits > 0) AND (publishstart IS NULL OR publishstart < NOW()) and (publishend IS NULL OR publishend > NOW())" . COM_getPermSQL('AND') . " ORDER BY hits DESC LIMIT 10");
$nrows = DB_numRows($result);
if ($nrows > 0) {
$bannerlist->set_var('banner_details', '');
$bannerlist->set_var('banner_category', $LANG_BANNER_STATS['stats_headline']);
for ($i = 0; $i < $nrows; $i++) {
$A = DB_fetchArray($result);
prepare_banner_item($A, $bannerlist);
$bannerlist->parse('banner_details', 'banner', true);
}
$bannerlist->parse('category_banner', 'catbanner', true);
}
}
$bannerlist->set_var('page_navigation', '');
} else {
$currentcid = '';
for ($i = 0; $i < $nrows; $i++) {
$A = DB_fetchArray($result);
if (strcasecmp($A['cid'], $currentcid) != 0) {
// print the category and banner
if ($i > 0) {
$bannerlist->parse('category_banner', 'catbanner', true);
$bannerlist->set_var('banner_details', '');
}
$currentcid = $A['cid'];
$currentcategory = DB_getItem($_TABLES['bannercategories'], 'category', "cid = '" . addslashes($currentcid) . "'");
$bannerlist->set_var('banner_category', $currentcategory);
}
prepare_banner_item($A, $bannerlist);
$bannerlist->parse('banner_details', 'banner', true);
}
$bannerlist->parse('category_banner', 'catbanner', true);
$result = DB_query('SELECT COUNT(*) AS count ' . $from_where);
list($numbanner) = DB_fetchArray($result);
$pages = 0;
if ($_BAN_CONF['bannerperpage'] > 0) {
$pages = (int) ($numbanner / $_BAN_CONF['bannerperpage']);
if ($numbanner % $_BAN_CONF['bannerperpage'] > 0) {
$pages++;
}
}
if ($pages > 0) {
if ($_BAN_CONF['bannercols'] > 0 && !empty($currentcid)) {
$catbanner = '?category=' . urlencode($currentcid);
} else {
$catbanner = '';
}
$bannerlist->set_var('page_navigation', COM_printPageNavigation($_CONF['site_url'] . '/banner/index.php' . $catbanner, $page, $pages));
} else {
$bannerlist->set_var('page_navigation', '');
}
}
$bannerlist->set_var('blockfooter', COM_endBlock());
$bannerlist->parse('output', 'bannerlist');
$display .= $bannerlist->finish($bannerlist->get_var('output'));
return $display;
}
function links_edit_category($cid, $pid)
{
global $_CONF, $_TABLES, $_USER, $MESSAGE, $LANG_LINKS_ADMIN, $LANG_ADMIN, $LANG_ACCESS, $_LI_CONF;
$retval = '';
$cid = addslashes($cid);
if (!empty($pid)) {
// have parent id, so making a new subcategory
// get parent access rights
$result = DB_query("SELECT group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['linkcategories']} WHERE cid='" . addslashes($pid) . "'");
$A = DB_fetchArray($result);
$A['owner_id'] = $_USER['uid'];
$A['pid'] = $pid;
} elseif (!empty($cid)) {
// have category id, so editing a category
$sql = "SELECT * FROM {$_TABLES['linkcategories']} WHERE cid='{$cid}'" . COM_getPermSQL('AND');
$result = DB_query($sql);
$A = DB_fetchArray($result);
} else {
// nothing, so making a new top-level category
// get default access rights
$A['group_id'] = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name='Links Admin'");
SEC_setDefaultPermissions($A, $_LI_CONF['category_permissions']);
$A['owner_id'] = $_USER['uid'];
$A['pid'] = $_LI_CONF['root'];
}
$access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
if ($access < 3) {
return COM_showMessage(6, 'links');
}
$token = SEC_createToken();
$retval .= COM_startBlock($LANG_LINKS_ADMIN[56], '', COM_getBlockTemplate('_admin_block', 'header'));
$retval .= SEC_getTokenExpiryNotice($token);
$T = new Template($_CONF['path'] . 'plugins/links/templates/admin');
$T->set_file(array('page' => 'categoryeditor.thtml'));
$T->set_var('xhtml', XHTML);
$T->set_var('site_url', $_CONF['site_url']);
$T->set_var('site_admin_url', $_CONF['site_admin_url']);
$T->set_var('layout_url', $_CONF['layout_url']);
$T->set_var('lang_pagetitle', $LANG_LINKS_ADMIN[28]);
$T->set_var('lang_link_list', $LANG_LINKS_ADMIN[53]);
$T->set_var('lang_new_link', $LANG_LINKS_ADMIN[51]);
$T->set_var('lang_validate_links', $LANG_LINKS_ADMIN[26]);
$T->set_var('lang_list_categories', $LANG_LINKS_ADMIN[50]);
$T->set_var('lang_new_category', $LANG_LINKS_ADMIN[52]);
$T->set_var('lang_admin_home', $LANG_ADMIN['admin_home']);
$T->set_var('instructions', $LANG_LINKS_ADMIN[29]);
$T->set_var('lang_category', $LANG_LINKS_ADMIN[30]);
$T->set_var('lang_cid', $LANG_LINKS_ADMIN[32]);
$T->set_var('lang_description', $LANG_LINKS_ADMIN[31]);
$T->set_var('lang_topic', $LANG_LINKS_ADMIN[33]);
$T->set_var('lang_parent', $LANG_LINKS_ADMIN[34]);
$T->set_var('lang_save', $LANG_ADMIN['save']);
if (!empty($cid)) {
$delbutton = '<input type="submit" value="' . $LANG_ADMIN['delete'] . '" name="mode"%s' . XHTML . '>';
$jsconfirm = ' onclick="return confirm(\'' . $MESSAGE[76] . '\');"';
$T->set_var('delete_option', sprintf($delbutton, $jsconfirm));
$T->set_var('delete_option_no_confirmation', sprintf($delbutton, ''));
} else {
$T->set_var('delete_option', '');
}
$T->set_var('lang_cancel', $LANG_ADMIN['cancel']);
if (!empty($cid)) {
$T->set_var('cid_value', $A['cid']);
$T->set_var('old_cid_value', $A['cid']);
$T->set_var('category_options', links_select_box(3, $A['pid']));
$T->set_var('category_value', $A['category']);
$T->set_var('description_value', $A['description']);
} else {
$A['cid'] = COM_makeSid();
$T->set_var('cid_value', $A['cid']);
$T->set_var('old_cid_value', '');
$T->set_var('category_options', links_select_box(3, $A['pid']));
$T->set_var('category_value', '');
$T->set_var('description_value', '');
}
if (!isset($A['tid'])) {
$A['tid'] = 'all';
}
$topics = COM_topicList('tid,topic', $A['tid'], 1, true);
$T->set_var('topic_list', $topics);
$alltopics = '<option value="all"';
if ($A['tid'] == 'all') {
$alltopics .= ' selected="selected"';
}
$alltopics .= '>' . $LANG_LINKS_ADMIN[35] . '</option>' . LB;
$T->set_var('topic_selection', '<select name="tid">' . $alltopics . $topics . '</select>');
if (empty($cid)) {
$num_links = $LANG_ADMIN['na'];
} else {
$nresult = DB_query("SELECT COUNT(*) AS count FROM {$_TABLES['links']} WHERE cid='{$cid}'" . COM_getPermSQL('AND'));
$N = DB_fetchArray($nresult);
$num_links = COM_numberFormat($N['count']);
}
$T->set_var('lang_num_links', $LANG_LINKS_ADMIN[61]);
$T->set_var('num_links', $num_links);
// user access info
$T->set_var('lang_accessrights', $LANG_ACCESS['accessrights']);
$T->set_var('lang_owner', $LANG_ACCESS['owner']);
$T->set_var('owner_name', COM_getDisplayName($A['owner_id']));
$T->set_var('cat_ownerid', $A['owner_id']);
$T->set_var('lang_group', $LANG_ACCESS['group']);
$T->set_var('group_dropdown', SEC_getGroupDropdown($A['group_id'], $access));
$T->set_var('lang_permissions', $LANG_ACCESS['permissions']);
$T->set_var('lang_permissionskey', $LANG_ACCESS['permissionskey']);
$T->set_var('lang_perm_key', $LANG_ACCESS['permissionskey']);
$T->set_var('permissions_editor', SEC_getPermissionsHTML($A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']));
$T->set_var('lang_permissions_msg', $LANG_ACCESS['permmsg']);
$T->set_var('lang_lockmsg', $LANG_ACCESS['permmsg']);
$T->set_var('gltoken_name', CSRF_TOKEN);
$T->set_var('gltoken', $token);
$T->parse('output', 'page');
$retval .= $T->finish($T->get_var('output'));
$retval .= COM_endBlock(COM_getBlockTemplate('_admin_block', 'footer'));
return $retval;
}
function _userVerify()
{
global $_CONF, $_SYSTEM, $_TABLES, $_USER, $LANG04;
$retval = '';
$uid = (int) COM_applyFilter($_GET['u'], true);
$vid = COM_applyFilter($_GET['vid']);
if (!empty($uid) && is_numeric($uid) && $uid > 1 && !empty($vid) && strlen($vid) == 32) {
$uid = (int) $uid;
$safevid = DB_escapeString($vid);
$result = DB_query("SELECT UNIX_TIMESTAMP(act_time) AS act_time FROM {$_TABLES['users']} WHERE uid=" . $uid . " AND act_token='" . $safevid . "' AND status=" . USER_ACCOUNT_AWAITING_VERIFICATION);
if (DB_numRows($result) != 1) {
$valid = 0;
} else {
$U = DB_fetchArray($result);
if ($U['act_time'] != '' && $U['act_time'] > time() - $_SYSTEM['verification_token_ttl']) {
$valid = 1;
} else {
$valid = 0;
}
}
if ($valid == 1) {
DB_query("UPDATE {$_TABLES['users']} SET status=" . USER_ACCOUNT_AWAITING_ACTIVATION . ",act_time='1000-01-01 00:00:00' WHERE uid=" . $uid);
$retval .= COM_showMessage(515, '', '', 0, 'success');
$retval .= SEC_loginForm();
} else {
// request invalid or expired
$result = DB_query("SELECT * FROM {$_TABLES['users']} WHERE uid=" . $uid);
if (DB_numRows($result) == 1) {
$U = DB_fetchArray($result);
switch ($U['status']) {
case USER_ACCOUNT_AWAITING_ACTIVATION:
case USER_ACCOUNT_ACTIVE:
$retval .= COM_showMessage(517, '', '', 0, 'info');
$retval .= SEC_loginForm();
break;
case USER_ACCOUNT_AWAITING_VERIFICATION:
$retval .= COM_showMessage(516, '', '', 1, 'error');
$retval .= newtokenform($uid);
break;
default:
echo COM_refresh($_CONF['site_url']);
}
} else {
echo COM_refresh($_CONF['site_url']);
}
}
} else {
// this request doesn't make sense - ignore it
echo COM_refresh($_CONF['site_url']);
}
return $retval;
}
$page_title = DB_getItem($_TABLES['maps_maps'], 'name', "mid={$_REQUEST['mid']}");
}
if ($_REQUEST['mode'] == 'markers' && $_REQUEST['mid'] != 0 && is_numeric($_REQUEST['mid'])) {
$page_title .= ' | ' . DB_getItem($_TABLES['maps_maps'], 'name', "mid={$_REQUEST['mid']}");
}
if ($_REQUEST['mode'] == 'marker' && isset($_REQUEST['mkid']) && $_REQUEST['mkid'] != '' && is_numeric($_REQUEST['mkid'])) {
$page_title = DB_getItem($_TABLES['maps_markers'], 'name', "mkid={$_REQUEST['mkid']}");
}
$display .= COM_siteHeader('menu', stripslashes($page_title));
$display .= MAPS_user_menu();
$msg = 0;
if (isset($_REQUEST['msg'])) {
$msg = COM_applyFilter($_REQUEST['msg'], true);
}
if ($msg > 0) {
$display .= COM_showMessage($msg, 'maps');
}
switch ($_REQUEST['mode']) {
case 'map':
// query database for map
if ($_REQUEST['mid'] > 0 && is_numeric($_REQUEST['mid'])) {
$display .= MAPS_getMap($_REQUEST['mid']);
if ($_REQUEST['mid'] >= 0 && is_numeric($_REQUEST['mid'])) {
$display .= MAPS_ListMarkers($_REQUEST['mid']);
}
} elseif ($_REQUEST['mid'] == 0) {
//Display the Global Map
$display .= MAPS_getGlobalMap();
} else {
echo COM_refresh($_MAPS_CONF['site_url'] . '/index.php');
}
}
if (isset($_POST['sp_status_no'])) {
$sp_status = 0;
}
} else {
$sp_status = isset($_POST['sp_status']) ? 1 : 0;
}
$display .= PAGE_submit($sp_id, $sp_status, $sp_uid, isset($_POST['sp_title']) ? $_POST['sp_title'] : '', isset($_POST['sp_content']) ? $_POST['sp_content'] : '', isset($_POST['sp_hits']) ? COM_applyFilter($_POST['sp_hits'], true) : 0, isset($_POST['sp_format']) ? COM_applyFilter($_POST['sp_format']) : '', isset($_POST['sp_onmenu']) ? $_POST['sp_onmenu'] : '', isset($_POST['sp_label']) ? $_POST['sp_label'] : '', isset($_POST['commentcode']) ? COM_applyFilter($_POST['commentcode'], true) : 0, isset($_POST['owner_id']) ? COM_applyFilter($_POST['owner_id'], true) : 2, isset($_POST['group_id']) ? COM_applyFilter($_POST['group_id'], true) : 0, isset($_POST['perm_owner']) ? $_POST['perm_owner'] : '', isset($_POST['perm_group']) ? $_POST['perm_group'] : '', isset($_POST['perm_members']) ? $_POST['perm_members'] : '', isset($_POST['perm_anon']) ? $_POST['perm_anon'] : '', isset($_POST['sp_php']) ? $_POST['sp_php'] : '', isset($_POST['sp_nf']) ? $_POST['sp_nf'] : '', isset($_POST['sp_old_id']) ? COM_applyFilter($_POST['sp_old_id']) : '', isset($_POST['sp_nf']) ? $_POST['sp_centerblock'] : '', $sp_help, isset($_POST['sp_tid']) ? COM_applyFilter($_POST['sp_tid']) : '', isset($_POST['sp_where']) ? COM_applyFilter($_POST['sp_where'], true) : 0, isset($_POST['sp_inblock']) ? $_POST['sp_inblock'] : '', isset($_POST['postmode']) ? COM_applyFilter($_POST['postmode']) : '', isset($_POST['sp_search']) ? 1 : 0);
} else {
$display = COM_refresh($_CONF['site_admin_url'] . '/index.php');
}
} else {
//token expired?
SEC_setCookie($_CONF['cookie_name'] . 'adveditor', SEC_createTokenGeneral('advancededitor'), time() + 1200, $_CONF['cookie_path'], $_CONF['cookiedomain'], $_CONF['cookiesecure'], false);
$display .= COM_siteHeader('menu', $LANG_STATIC['staticpageeditor']);
$display .= COM_showMessage(501);
$editor = '';
if (isset($_GET['editor'])) {
$editor = COM_applyFilter($_GET['editor']);
}
// $mode = 'edit';
$owner_id = $_POST['owner_id'];
$group_id = $_POST['group_id'];
$perm_owner = $_POST['perm_owner'];
$perm_group = $_POST['perm_group'];
$perm_members = $_POST['perm_members'];
$perm_anon = $_POST['perm_anon'];
list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon);
$_POST['perm_owner'] = $perm_owner;
$_POST['perm_group'] = $perm_group;
$_POST['perm_members'] = $perm_members;
/**
* Display a message and abort
*
* NOTE: Displays the message and aborts the script.
*
* @param int $msg message number
* @param string $plugin plugin name, if applicable
* @param int $http_status HTTP status code to send with the message
* @param string $http_text Textual version of the HTTP status code
*
*/
function COM_displayMessageAndAbort($msg, $plugin = '', $http_status = 200, $http_text = 'OK')
{
$display = COM_siteHeader('menu') . COM_showMessage($msg, $plugin) . COM_siteFooter(true);
if ($http_status != 200) {
header("HTTP/1.1 {$http_status} {$http_text}");
header("Status: {$http_status} {$http_text}");
}
echo $display;
exit;
}
if ($mode == 'personal' and $_CAJP_CONF['personalcalendars'] == 0) {
// User is trying to use the personal calendar feature even though it isn't
// turned on.
$display .= $LANG_CALJP_2[37];
$display = COM_createHTMLDocument($display, array('pagetitle' => $pagetitle));
COM_output($display);
exit;
}
// after this point, we can safely assume that if $mode == 'personal',
// the current user is actually allowed to use this personal calendar
$msg = 0;
if (isset($_REQUEST['msg'])) {
$msg = COM_applyFilter($_REQUEST['msg'], true);
}
if ($msg > 0) {
$display .= COM_showMessage($msg, 'calendarjp');
}
$view = '';
if (isset($_REQUEST['view'])) {
$view = COM_applyFilter($_REQUEST['view']);
}
if (!in_array($view, array('month', 'week', 'day', 'addentry', 'savepersonal'))) {
$view = '';
}
$year = 0;
if (isset($_REQUEST['year'])) {
$year = COM_applyFilter($_REQUEST['year'], true);
}
$month = 0;
if (isset($_REQUEST['month'])) {
$month = COM_applyFilter($_REQUEST['month'], true);
$display .= listServices();
$display = COM_createHTMLDocument($display, array('pagetitle' => $LANG_TRB['services_headline']));
} else {
if ($mode == 'freepb') {
$display .= COM_showMessageFromParameter();
$display .= pingbackForm();
$display = COM_createHTMLDocument($display, array('pagetitle' => $LANG_TRB['pingback']));
} else {
if ($mode == 'sendpingback') {
$target = COM_applyFilter($_POST['target']);
if (empty($target)) {
$display .= showTrackbackMessage($LANG_TRB['pbtarget_missing'], $LANG_TRB['pbtarget_required']);
} elseif (SEC_checkToken()) {
$result = PNB_sendPingback($_CONF['site_url'], $target);
if (empty($result)) {
$display .= COM_showMessage(74);
$target = '';
} else {
$message = '<p>' . $LANG_TRB['pb_error_details'] . '<br' . XHTML . '>' . '<span class="warningsmall">' . htmlspecialchars($result) . '</span></p>';
$display .= showTrackbackMessage($LANG_TRB['send_error'], $message);
}
}
$display .= pingbackForm($target);
$display = COM_createHTMLDocument($display, array('pagetitle' => $LANG_TRB['pingback']));
} else {
$display = COM_refresh($_CONF['site_admin_url'] . '/index.php');
}
}
}
}
}
$content .= CLASSIFIEDS_catList();
}
$T->set_var('header', $LANG_ADVT['blocktitle']);
$menu_opt = $LANG_ADVT['mnu_home'];
break;
}
// switch ($page)
if ($menu_opt != '') {
$menu->set_selected($menu_opt);
}
$T->set_var('menu', $menu->generate());
$T->set_var('content', $content);
$T->parse('output', 'page');
echo CLASSIFIEDS_siteHeader($pageTitle);
if ($msg != '') {
echo COM_showMessage($msg, $_CONF_ADVT['pi_name']);
}
echo $T->finish($T->get_var('output'));
echo CLASSIFIEDS_siteFooter();
function showHelp()
{
global $LANG_ADVT, $_CONF;
$retval = '';
foreach ($LANG_ADVT['help'] as $section => $content) {
$retval .= "<h2>{$content[0]}</h2>\n<ol>\n";
foreach ($content[1] as $key => $value) {
$value = str_replace('{site_url}', $_CONF['site_url'], $value);
$retval .= "<li>{$value}</li>\n";
}
$retval .= "</ol>\n";
}
}
if (!isset($_POST['sp_inblock'])) {
$_POST['sp_inblock'] = '';
}
if (!isset($_POST['postmode'])) {
$_POST['postmode'] = '';
}
if (!isset($_POST['draft_flag'])) {
$_POST['draft_flag'] = '';
}
if (!isset($_POST['cache_time'])) {
$_POST['cache_time'] = $_SP_CONF['default_cache_time'];
}
if (!isset($_POST['template_flag'])) {
$_POST['template_flag'] = '';
}
$display .= submitstaticpage($sp_id, $_POST['sp_title'], $_POST['sp_page_title'], $_POST['sp_content'], COM_applyFilter($_POST['sp_hits'], true), COM_applyFilter($_POST['sp_format']), $_POST['sp_onmenu'], $_POST['sp_label'], COM_applyFilter($_POST['commentcode'], true), COM_applyFilter($_POST['owner_id'], true), COM_applyFilter($_POST['group_id'], true), $_POST['perm_owner'], $_POST['perm_group'], $_POST['perm_members'], $_POST['perm_anon'], $_POST['sp_php'], $_POST['sp_nf'], COM_applyFilter($_POST['sp_old_id']), $_POST['sp_centerblock'], $sp_help, COM_applyFilter($_POST['sp_where'], true), $_POST['sp_inblock'], COM_applyFilter($_POST['postmode']), $_POST['meta_description'], $_POST['meta_keywords'], $_POST['draft_flag'], $_POST['template_flag'], $_POST['template_id'], COM_applyFilter($_POST['cache_time'], true));
} else {
$display = COM_refresh($_CONF['site_admin_url'] . '/index.php');
}
} else {
if (isset($_REQUEST['msg'])) {
$msg = COM_applyFilter($_REQUEST['msg'], true);
if ($msg > 0) {
$display .= COM_showMessage($msg, 'staticpages');
}
}
$display .= liststaticpages();
$display = COM_createHTMLDocument($display, array('pagetitle' => $LANG_STATIC['staticpagelist']));
}
COM_output($display);
$meta_description = stripslashes($A['meta_description']);
$meta_keywords = stripslashes($A['meta_keywords']);
//$meta_description = stripslashes( DB_getItem( $_TABLES['topics'], 'meta_description', "tid = '$topic'" ));
//$meta_keywords = stripslashes( DB_getItem( $_TABLES['topics'], 'meta_keywords', "tid = '$topic'" ));
$header .= COM_createMetaTags($meta_description, $meta_keywords);
}
} else {
$header = '<link rel="microsummary" href="' . $_CONF['site_url'] . '/index.php?display=microsummary" title="Microsummary"' . XHTML . '>';
}
$display .= COM_siteHeader('menu', '', $header);
if (isset($_GET['msg'])) {
$plugin = '';
if (isset($_GET['plugin'])) {
$plugin = COM_applyFilter($_GET['plugin']);
}
$display .= COM_showMessage(COM_applyFilter($_GET['msg'], true), $plugin);
}
if (SEC_inGroup('Root') && $page == 1) {
$done = DB_getItem($_TABLES['vars'], 'value', "name = 'security_check'");
if ($done != 1) {
/**
* we don't have the path to the admin directory, so try to figure it
* out from $_CONF['site_admin_url']
* @todo FIXME: this duplicates some code from admin/sectest.php
*/
$adminurl = $_CONF['site_admin_url'];
if (strrpos($adminurl, '/') == strlen($adminurl)) {
$adminurl = substr($adminurl, 0, -1);
}
$pos = strrpos($adminurl, '/');
if ($pos === false) {
$display .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
$display .= editpoll();
$display .= COM_siteFooter();
}
} elseif ($mode == $LANG_ADMIN['delete'] && !empty($LANG_ADMIN['delete'])) {
$pid = '';
if (isset($_POST['pid'])) {
$pid = COM_applyFilter($_POST['pid']);
}
if (empty($pid)) {
COM_errorLog('Ignored possibly manipulated request to delete a poll.');
$display .= COM_refresh($_CONF['site_admin_url'] . '/plugins/polls/index.php');
} elseif (SEC_checkToken()) {
$display .= deletePoll($pid);
} else {
COM_accessLog("User {$_USER['username']} tried to illegally delete poll {$pid} and failed CSRF checks.");
echo COM_refresh($_CONF['site_admin_url'] . '/index.php');
}
} else {
// 'cancel' or no mode at all
$display .= COM_siteHeader('menu', $LANG25[18]);
if (isset($_REQUEST['msg'])) {
$msg = COM_applyFilter($_REQUEST['msg'], true);
if ($msg > 0) {
$display .= COM_showMessage($msg, 'polls');
}
}
$display .= listpolls();
$display .= COM_siteFooter();
}
COM_output($display);
/**
* Shows story editor
*
* Displays the story entry form
*
* @param string $sid ID of story to edit
* @param string $mode 'preview', 'edit', 'editsubmission', 'clone'
* @param string $errormsg a message to display on top of the page
* @return string HTML for story editor
*
*/
function storyeditor($sid = '', $mode = '', $errormsg = '')
{
global $_CONF, $_TABLES, $_USER, $LANG24, $LANG_ACCESS, $LANG_ADMIN, $MESSAGE, $_SCRIPTS, $LANG_DIRECTION, $LANG_MONTH, $LANG_WEEK;
$display = '';
if (!isset($_CONF['hour_mode'])) {
$_CONF['hour_mode'] = 12;
}
if (!empty($errormsg)) {
$display .= COM_showMessageText($errormsg, $LANG24[25]);
}
$story = new Story();
if ($mode == 'preview') {
// Handle Magic GPC Garbage:
while (list($key, $value) = each($_POST)) {
if (!is_array($value)) {
$_POST[$key] = COM_stripslashes($value);
} else {
while (list($subkey, $subvalue) = each($value)) {
$value[$subkey] = COM_stripslashes($subvalue);
}
}
}
$result = $story->loadFromArgsArray($_POST);
if ($_CONF['maximagesperarticle'] > 0) {
$errors = $story->checkAttachedImages();
if (count($errors) > 0) {
$msg = $LANG24[55] . LB . '<ul>' . LB;
foreach ($errors as $err) {
$msg .= '<li>' . $err . '</li>' . LB;
}
$msg .= '</ul>' . LB;
$display .= COM_showMessageText($msg, $LANG24[54]);
}
}
} else {
$result = $story->loadFromDatabase($sid, $mode);
}
if ($result == STORY_PERMISSION_DENIED || $result == STORY_NO_ACCESS_PARAMS) {
$display .= COM_showMessageText($LANG24[42], $LANG_ACCESS['accessdenied']);
COM_accessLog("User {$_USER['username']} tried to illegally access story {$sid}.");
return $display;
} elseif ($result == STORY_EDIT_DENIED || $result == STORY_EXISTING_NO_EDIT_PERMISSION) {
$display .= COM_showMessageText($LANG24[41], $LANG_ACCESS['accessdenied']);
$display .= STORY_renderArticle($story, 'p');
COM_accessLog("User {$_USER['username']} tried to illegally edit story {$sid}.");
return $display;
} elseif ($result == STORY_INVALID_SID) {
if ($mode == 'editsubmission') {
// that submission doesn't seem to be there any more (may have been
// handled by another Admin) - take us back to the moderation page
return COM_refresh($_CONF['site_admin_url'] . '/moderation.php');
} else {
return COM_refresh($_CONF['site_admin_url'] . '/story.php');
}
} elseif ($result == STORY_DUPLICATE_SID) {
$display .= COM_showMessageText($LANG24[24]);
}
// Load HTML templates
$story_templates = COM_newTemplate($_CONF['path_layout'] . 'admin/story');
if ($_CONF['advanced_editor'] && $_USER['advanced_editor']) {
$story_templates->set_file(array('editor' => 'storyeditor_advanced.thtml'));
$advanced_editormode = true;
$story_templates->set_var('change_editormode', 'onchange="change_editmode(this);"');
require_once $_CONF['path_system'] . 'classes/navbar.class.php';
$story_templates->set_var('show_preview', 'none');
$story_templates->set_var('lang_expandhelp', $LANG24[67]);
$story_templates->set_var('lang_reducehelp', $LANG24[68]);
$story_templates->set_var('lang_publishdate', $LANG24[69]);
$story_templates->set_var('lang_toolbar', $LANG24[70]);
$story_templates->set_var('toolbar1', $LANG24[71]);
$story_templates->set_var('toolbar2', $LANG24[72]);
$story_templates->set_var('toolbar3', $LANG24[73]);
$story_templates->set_var('toolbar4', $LANG24[74]);
$story_templates->set_var('toolbar5', $LANG24[75]);
if ($story->EditElements('advanced_editor_mode') == 1 or $story->EditElements('postmode') == 'adveditor') {
$story_templates->set_var('show_texteditor', 'none');
$story_templates->set_var('show_htmleditor', '');
} else {
$story_templates->set_var('show_texteditor', '');
$story_templates->set_var('show_htmleditor', 'none');
}
} else {
$story_templates->set_file(array('editor' => 'storyeditor.thtml'));
$advanced_editormode = false;
}
$story_templates->set_var('hour_mode', $_CONF['hour_mode']);
if ($story->hasContent()) {
$previewContent = STORY_renderArticle($story, 'p');
if ($advanced_editormode and $previewContent != '') {
$story_templates->set_var('preview_content', $previewContent);
} elseif ($previewContent != '') {
$display .= COM_startBlock($LANG24[26], '', COM_getBlockTemplate('_admin_block', 'header'));
$display .= $previewContent;
$display .= COM_endBlock(COM_getBlockTemplate('_admin_block', 'footer'));
}
}
if ($advanced_editormode) {
$navbar = new navbar();
if (!empty($previewContent)) {
$navbar->add_menuitem($LANG24[79], 'showhideEditorDiv("preview",0);return false;', true);
$navbar->add_menuitem($LANG24[80], 'showhideEditorDiv("editor",1);return false;', true);
$navbar->add_menuitem($LANG24[81], 'showhideEditorDiv("publish",2);return false;', true);
$navbar->add_menuitem($LANG24[82], 'showhideEditorDiv("images",3);return false;', true);
$navbar->add_menuitem($LANG24[83], 'showhideEditorDiv("archive",4);return false;', true);
$navbar->add_menuitem($LANG24[84], 'showhideEditorDiv("perms",5);return false;', true);
$navbar->add_menuitem($LANG24[85], 'showhideEditorDiv("all",6);return false;', true);
} else {
$navbar->add_menuitem($LANG24[80], 'showhideEditorDiv("editor",0);return false;', true);
$navbar->add_menuitem($LANG24[81], 'showhideEditorDiv("publish",1);return false;', true);
$navbar->add_menuitem($LANG24[82], 'showhideEditorDiv("images",2);return false;', true);
$navbar->add_menuitem($LANG24[83], 'showhideEditorDiv("archive",3);return false;', true);
$navbar->add_menuitem($LANG24[84], 'showhideEditorDiv("perms",4);return false;', true);
$navbar->add_menuitem($LANG24[85], 'showhideEditorDiv("all",5);return false;', true);
}
if ($mode == 'preview') {
$story_templates->set_var('show_preview', '');
$story_templates->set_var('show_htmleditor', 'none');
$story_templates->set_var('show_texteditor', 'none');
$story_templates->set_var('show_submitoptions', 'none');
$navbar->set_selected($LANG24[79]);
} else {
$navbar->set_selected($LANG24[80]);
}
$story_templates->set_var('navbar', $navbar->generate());
}
$oldsid = $story->EditElements('originalSid');
if (!empty($oldsid) && $mode != 'clone') {
$delbutton = '<input type="submit" value="' . $LANG_ADMIN['delete'] . '" name="mode"%s' . XHTML . '>';
$jsconfirm = ' onclick="return confirm(\'' . $MESSAGE[76] . '\');"';
$story_templates->set_var('delete_option', sprintf($delbutton, $jsconfirm));
$story_templates->set_var('delete_option_no_confirmation', sprintf($delbutton, ''));
}
if ($mode == 'editsubmission' || $story->type == 'submission') {
$story_templates->set_var('submission_option', '<input type="hidden" name="type" value="submission"' . XHTML . '>');
}
$story_templates->set_var('lang_author', $LANG24[7]);
$storyauthor = COM_getDisplayName($story->EditElements('uid'));
$story_templates->set_var('story_author', $storyauthor);
$story_templates->set_var('author', $storyauthor);
$story_templates->set_var('story_uid', $story->EditElements('uid'));
// user access info
$story_templates->set_var('lang_accessrights', $LANG_ACCESS['accessrights']);
$story_templates->set_var('lang_owner', $LANG_ACCESS['owner']);
$ownername = COM_getDisplayName($story->EditElements('owner_id'));
$story_templates->set_var('owner_username', DB_getItem($_TABLES['users'], 'username', 'uid = ' . $story->EditElements('owner_id')));
$story_templates->set_var('owner_name', $ownername);
$story_templates->set_var('owner', $ownername);
$story_templates->set_var('owner_id', $story->EditElements('owner_id'));
$story_templates->set_var('lang_group', $LANG_ACCESS['group']);
$story_templates->set_var('group_dropdown', SEC_getGroupDropdown($story->EditElements('group_id'), 3));
$story_templates->set_var('lang_permissions', $LANG_ACCESS['permissions']);
$story_templates->set_var('lang_perm_key', $LANG_ACCESS['permissionskey']);
$story_templates->set_var('permissions_editor', SEC_getPermissionsHTML($story->EditElements('perm_owner'), $story->EditElements('perm_group'), $story->EditElements('perm_members'), $story->EditElements('perm_anon')));
$story_templates->set_var('permissions_msg', $LANG_ACCESS['permmsg']);
$story_templates->set_var('lang_permissions_msg', $LANG_ACCESS['permmsg']);
$curtime = COM_getUserDateTimeFormat($story->EditElements('date'));
$story_templates->set_var('lang_date', $LANG24[15]);
$story_templates->set_var('publish_second', $story->EditElements('publish_second'));
$publish_ampm = '';
$publish_hour = $story->EditElements('publish_hour');
if ($publish_hour >= 12) {
if ($publish_hour > 12) {
$publish_hour = $publish_hour - 12;
}
$ampm = 'pm';
} else {
$ampm = 'am';
}
$ampm_select = COM_getAmPmFormSelection('publish_ampm', $ampm);
$story_templates->set_var('publishampm_selection', $ampm_select);
$month_options = COM_getMonthFormOptions($story->EditElements('publish_month'));
$story_templates->set_var('publish_month_options', $month_options);
$day_options = COM_getDayFormOptions($story->EditElements('publish_day'));
$story_templates->set_var('publish_day_options', $day_options);
$year_options = COM_getYearFormOptions($story->EditElements('publish_year'));
$story_templates->set_var('publish_year_options', $year_options);
if ($_CONF['hour_mode'] == 24) {
$hour_options = COM_getHourFormOptions($story->EditElements('publish_hour'), 24);
} else {
$hour_options = COM_getHourFormOptions($publish_hour);
}
$story_templates->set_var('publish_hour_options', $hour_options);
$minute_options = COM_getMinuteFormOptions($story->EditElements('publish_minute'));
$story_templates->set_var('publish_minute_options', $minute_options);
$story_templates->set_var('publish_date_explanation', $LANG24[46]);
$story_templates->set_var('story_unixstamp', $story->EditElements('unixdate'));
$story_templates->set_var('expire_second', $story->EditElements('expire_second'));
$expire_ampm = '';
$expire_hour = $story->EditElements('expire_hour');
if ($expire_hour >= 12) {
if ($expire_hour > 12) {
$expire_hour = $expire_hour - 12;
}
$ampm = 'pm';
} else {
$ampm = 'am';
}
$ampm_select = COM_getAmPmFormSelection('expire_ampm', $ampm);
if (empty($ampm_select)) {
// have a hidden field to 24 hour mode to prevent JavaScript errors
$ampm_select = '<input type="hidden" name="expire_ampm" value=""' . XHTML . '>';
}
$story_templates->set_var('expireampm_selection', $ampm_select);
$month_options = COM_getMonthFormOptions($story->EditElements('expire_month'));
$story_templates->set_var('expire_month_options', $month_options);
$day_options = COM_getDayFormOptions($story->EditElements('expire_day'));
$story_templates->set_var('expire_day_options', $day_options);
$year_options = COM_getYearFormOptions($story->EditElements('expire_year'));
$story_templates->set_var('expire_year_options', $year_options);
if ($_CONF['hour_mode'] == 24) {
$hour_options = COM_getHourFormOptions($story->EditElements('expire_hour'), 24);
} else {
$hour_options = COM_getHourFormOptions($expire_hour);
}
$story_templates->set_var('expire_hour_options', $hour_options);
$minute_options = COM_getMinuteFormOptions($story->EditElements('expire_minute'));
$story_templates->set_var('expire_minute_options', $minute_options);
$story_templates->set_var('expire_date_explanation', $LANG24[46]);
$story_templates->set_var('story_unixstamp', $story->EditElements('expirestamp'));
$atopic = DB_getItem($_TABLES['topics'], 'tid', "archive_flag = 1");
$have_archive_topic = empty($atopic) ? false : true;
if ($story->EditElements('statuscode') == STORY_ARCHIVE_ON_EXPIRE) {
$story_templates->set_var('is_checked2', 'checked="checked"');
$story_templates->set_var('is_checked3', 'checked="checked"');
$js_showarchivedisabled = 'false';
$have_archive_topic = true;
// force display of auto archive option
} elseif ($story->EditElements('statuscode') == STORY_DELETE_ON_EXPIRE) {
$story_templates->set_var('is_checked2', 'checked="checked"');
$story_templates->set_var('is_checked4', 'checked="checked"');
if (!$have_archive_topic) {
$story_templates->set_var('is_checked3', 'style="display:none;"');
}
$js_showarchivedisabled = 'false';
} else {
if (!$have_archive_topic) {
$story_templates->set_var('is_checked3', 'style="display:none;"');
}
$js_showarchivedisabled = 'true';
}
$story_templates->set_var('lang_archivetitle', $LANG24[58]);
$story_templates->set_var('lang_option', $LANG24[59]);
$story_templates->set_var('lang_enabled', $LANG_ADMIN['enabled']);
$story_templates->set_var('lang_story_stats', $LANG24[87]);
if ($have_archive_topic) {
$story_templates->set_var('lang_optionarchive', $LANG24[61]);
} else {
$story_templates->set_var('lang_optionarchive', '');
}
$story_templates->set_var('lang_optiondelete', $LANG24[62]);
$story_templates->set_var('lang_title', $LANG_ADMIN['title']);
$story_templates->set_var('story_title', $story->EditElements('title'));
$story_templates->set_var('lang_page_title', $LANG_ADMIN['page_title']);
$story_templates->set_var('page_title', $story->EditElements('page_title'));
$story_templates->set_var('lang_metadescription', $LANG_ADMIN['meta_description']);
$story_templates->set_var('meta_description', $story->EditElements('meta_description'));
$story_templates->set_var('lang_metakeywords', $LANG_ADMIN['meta_keywords']);
$story_templates->set_var('meta_keywords', $story->EditElements('meta_keywords'));
if ($_CONF['meta_tags'] > 0) {
$story_templates->set_var('hide_meta', '');
} else {
$story_templates->set_var('hide_meta', ' style="display:none;"');
}
$story_templates->set_var('lang_topic', $LANG_ADMIN['topic']);
if ($mode == 'preview') {
$tlist = TOPIC_getTopicSelectionControl('article', '', false, true, true);
} else {
$tlist = TOPIC_getTopicSelectionControl('article', $oldsid, false, true, true);
}
if (empty($tlist)) {
$display .= COM_showMessage(101);
return $display;
}
$story_templates->set_var('topic_selection', $tlist);
$story_templates->set_var('lang_show_topic_icon', $LANG24[56]);
if ($story->EditElements('show_topic_icon') == 1) {
$story_templates->set_var('show_topic_icon_checked', 'checked="checked"');
} else {
$story_templates->set_var('show_topic_icon_checked', '');
}
$story_templates->set_var('lang_cachetime', $LANG24['cache_time']);
$story_templates->set_var('lang_cachetime_desc', $LANG24['cache_time_desc']);
$story_templates->set_var('cache_time', $story->EditElements('cache_time'));
$story_templates->set_var('lang_draft', $LANG24[34]);
if ($story->EditElements('draft_flag')) {
$story_templates->set_var('is_checked', 'checked="checked"');
}
$story_templates->set_var('lang_mode', $LANG24[3]);
$story_templates->set_var('status_options', COM_optionList($_TABLES['statuscodes'], 'code,name', $story->EditElements('statuscode')));
$story_templates->set_var('comment_options', COM_optionList($_TABLES['commentcodes'], 'code,name', $story->EditElements('commentcode')));
$story_templates->set_var('trackback_options', COM_optionList($_TABLES['trackbackcodes'], 'code,name', $story->EditElements('trackbackcode')));
// comment expire
$story_templates->set_var('lang_cmt_disable', $LANG24[63]);
if ($story->EditElements('cmt_close')) {
$story_templates->set_var('is_checked5', 'checked="checked"');
$js_showcmtclosedisabled = 'false';
} else {
$js_showcmtclosedisabled = 'true';
}
$month_options = COM_getMonthFormOptions($story->EditElements('cmt_close_month'));
$story_templates->set_var('cmt_close_month_options', $month_options);
$day_options = COM_getDayFormOptions($story->EditElements('cmt_close_day'));
$story_templates->set_var('cmt_close_day_options', $day_options);
// ensure that the year dropdown includes the close year
$endtm = mktime(0, 0, 0, date('m'), date('d') + $_CONF['article_comment_close_days'], date('Y'));
$yoffset = date('Y', $endtm) - date('Y');
$close_year = $story->EditElements('cmt_close_year');
if ($yoffset < -1) {
$year_options = COM_getYearFormOptions($close_year, $yoffset);
} elseif ($yoffset > 5) {
$year_options = COM_getYearFormOptions($close_year, -1, $yoffset);
} else {
$year_options = COM_getYearFormOptions($close_year);
}
$story_templates->set_var('cmt_close_year_options', $year_options);
$cmt_close_ampm = '';
$cmt_close_hour = $story->EditElements('cmt_close_hour');
//correct hour
if ($cmt_close_hour >= 12) {
if ($cmt_close_hour > 12) {
$cmt_close_hour = $cmt_close_hour - 12;
}
$ampm = 'pm';
} else {
$ampm = 'am';
}
$ampm_select = COM_getAmPmFormSelection('cmt_close_ampm', $ampm);
if (empty($ampm_select)) {
// have a hidden field to 24 hour mode to prevent JavaScript errors
$ampm_select = '<input type="hidden" name="cmt_close_ampm" value=""' . XHTML . '>';
}
$story_templates->set_var('cmt_close_ampm_selection', $ampm_select);
if ($_CONF['hour_mode'] == 24) {
$hour_options = COM_getHourFormOptions($story->EditElements('cmt_close_hour'), 24);
} else {
$hour_options = COM_getHourFormOptions($cmt_close_hour);
}
$story_templates->set_var('cmt_close_hour_options', $hour_options);
$minute_options = COM_getMinuteFormOptions($story->EditElements('cmt_close_minute'));
$story_templates->set_var('cmt_close_minute_options', $minute_options);
$story_templates->set_var('cmt_close_second', $story->EditElements('cmt_close_second'));
if ($_CONF['onlyrootfeatures'] == 1 && SEC_inGroup('Root') or $_CONF['onlyrootfeatures'] !== 1) {
$featured_options = "<select name=\"featured\">" . LB . COM_optionList($_TABLES['featurecodes'], 'code,name', $story->EditElements('featured')) . "</select>" . LB;
} else {
$featured_options = "<input type=\"hidden\" name=\"featured\" value=\"0\"" . XHTML . ">";
}
$story_templates->set_var('featured_options', $featured_options);
$story_templates->set_var('frontpage_options', COM_optionList($_TABLES['frontpagecodes'], 'code,name', $story->EditElements('frontpage')));
$story_templates->set_var('story_introtext', $story->EditElements('introtext'));
$story_templates->set_var('story_bodytext', $story->EditElements('bodytext'));
$story_templates->set_var('lang_introtext', $LANG24[16]);
$story_templates->set_var('lang_bodytext', $LANG24[17]);
$story_templates->set_var('lang_postmode', $LANG24[4]);
$story_templates->set_var('lang_publishoptions', $LANG24[76]);
$story_templates->set_var('noscript', COM_getNoScript(false, $LANG24[77], sprintf($LANG24[78], $_CONF['site_admin_url'], $sid)));
$postmode = $story->EditElements('postmode');
if ($_CONF['advanced_editor'] && $_USER['advanced_editor']) {
if ($story->EditElements('advanced_editor_mode') == 1 or $story->EditElements('postmode') == 'adveditor') {
$postmode = '';
}
}
$post_options = COM_optionList($_TABLES['postmodes'], 'code,name', $postmode);
$postmode_list = 'plaintext,html';
// If Advanced Mode - add post option and set default if editing story created with Advanced Editor
if ($_CONF['advanced_editor'] && $_USER['advanced_editor']) {
$postmode_list .= ',adveditor';
if ($story->EditElements('advanced_editor_mode') == 1 or $story->EditElements('postmode') == 'adveditor') {
$post_options .= '<option value="adveditor" selected="selected">' . $LANG24[86] . '</option>';
} else {
$post_options .= '<option value="adveditor">' . $LANG24[86] . '</option>';
}
}
if ($_CONF['wikitext_editor']) {
$postmode_list .= ',wikitext';
if ($story->EditElements('postmode') == 'wikitext') {
$post_options .= '<option value="wikitext" selected="selected">' . $LANG24[88] . '</option>';
} else {
$post_options .= '<option value="wikitext">' . $LANG24[88] . '</option>';
}
}
$story_templates->set_var('post_options', $post_options);
$postmode_array = explode(',', $postmode_list);
$allowed_html = '';
foreach ($postmode_array as $pm) {
$allowed_html .= COM_allowedHTML('story.edit', false, 1, $pm);
}
$allowed_tags = array('code', 'raw');
if ($_CONF['allow_page_breaks'] == 1) {
$allowed_tags = array_merge($allowed_tags, array('page_break'));
}
$allowed_html .= COM_allowedAutotags(false, $allowed_tags);
$story_templates->set_var('lang_allowed_html', $allowed_html);
$fileinputs = '';
$saved_images = '';
if ($_CONF['maximagesperarticle'] > 0) {
$story_templates->set_var('lang_images', $LANG24[47]);
$icount = DB_count($_TABLES['article_images'], 'ai_sid', $story->getSid());
if ($icount > 0) {
$result_articles = DB_query("SELECT * FROM {$_TABLES['article_images']} WHERE ai_sid = '" . $story->getSid() . "'");
for ($z = 1; $z <= $icount; $z++) {
$I = DB_fetchArray($result_articles);
$saved_images .= $z . ') ' . COM_createLink($I['ai_filename'], $_CONF['site_url'] . '/images/articles/' . $I['ai_filename']) . ' ' . $LANG_ADMIN['delete'] . ': <input type="checkbox" name="delete[' . $I['ai_img_num'] . ']"' . XHTML . '><br' . XHTML . '>';
}
}
$newallowed = $_CONF['maximagesperarticle'] - $icount;
for ($z = $icount + 1; $z <= $_CONF['maximagesperarticle']; $z++) {
$fileinputs .= $z . ') <input type="file" dir="ltr" name="file' . $z . '"' . XHTML . '>';
if ($z < $_CONF['maximagesperarticle']) {
$fileinputs .= '<br' . XHTML . '>';
}
}
$fileinputs .= '<br' . XHTML . '>' . $LANG24[51];
if ($_CONF['allow_user_scaling'] == 1) {
$fileinputs .= $LANG24[27];
}
$fileinputs .= $LANG24[28] . '<br' . XHTML . '>';
}
// Add JavaScript
$_SCRIPTS->setJavaScriptFile('story_editor', '/javascript/story_editor.js');
if ($_CONF['titletoid']) {
$_SCRIPTS->setJavaScriptFile('title_2_id', '/javascript/title_2_id.js');
$story_templates->set_var('titletoid', true);
}
$_SCRIPTS->setJavaScriptFile('postmode_control', '/javascript/postmode_control.js');
// Loads jQuery UI datepicker and timepicker-addon
$_SCRIPTS->setJavaScriptLibrary('jquery.ui.slider');
// $_SCRIPTS->setJavaScriptLibrary('jquery.ui.button');
$_SCRIPTS->setJavaScriptLibrary('jquery.ui.datepicker');
$_SCRIPTS->setJavaScriptLibrary('jquery-ui-i18n');
$_SCRIPTS->setJavaScriptLibrary('jquery-ui-timepicker-addon');
$_SCRIPTS->setJavaScriptLibrary('jquery-ui-timepicker-addon-i18n');
// $_SCRIPTS->setJavaScriptLibrary('jquery-ui-slideraccess');
$_SCRIPTS->setJavaScriptFile('datetimepicker', '/javascript/datetimepicker.js');
$langCode = COM_getLangIso639Code();
$toolTip = $MESSAGE[118];
$imgUrl = $_CONF['site_url'] . '/images/calendar.png';
$_SCRIPTS->setJavaScript("jQuery(function () {" . " geeklog.hour_mode = {$_CONF['hour_mode']};" . " geeklog.datetimepicker.set('publish', '{$langCode}', '{$toolTip}', '{$imgUrl}');" . " geeklog.datetimepicker.set('expire', '{$langCode}', '{$toolTip}', '{$imgUrl}');" . " geeklog.datetimepicker.set('cmt_close', '{$langCode}', '{$toolTip}', '{$imgUrl}');" . "});", TRUE, TRUE);
// Setup Advanced Editor
COM_setupAdvancedEditor('/javascript/storyeditor_adveditor.js');
$story_templates->set_var('saved_images', $saved_images);
$story_templates->set_var('image_form_elements', $fileinputs);
$story_templates->set_var('lang_hits', $LANG24[18]);
$story_templates->set_var('story_hits', $story->EditElements('hits'));
$story_templates->set_var('lang_comments', $LANG24[19]);
$story_templates->set_var('story_comments', $story->EditElements('comments'));
$story_templates->set_var('lang_trackbacks', $LANG24[29]);
$story_templates->set_var('story_trackbacks', $story->EditElements('trackbacks'));
$story_templates->set_var('lang_emails', $LANG24[39]);
$story_templates->set_var('story_emails', $story->EditElements('numemails'));
if ($mode == 'clone') {
$story_templates->set_var('story_id', COM_makesid());
} else {
$story_templates->set_var('story_id', $story->getSid());
$story_templates->set_var('old_story_id', $story->EditElements('originalSid'));
}
$story_templates->set_var('lang_sid', $LANG24[12]);
$story_templates->set_var('lang_save', $LANG_ADMIN['save']);
$story_templates->set_var('lang_preview', $LANG_ADMIN['preview']);
$story_templates->set_var('lang_cancel', $LANG_ADMIN['cancel']);
$story_templates->set_var('lang_delete', $LANG_ADMIN['delete']);
$story_templates->set_var('gltoken_name', CSRF_TOKEN);
$token = SEC_createToken();
$story_templates->set_var('gltoken', $token);
$story_templates->parse('output', 'editor');
$display .= COM_startBlock($LANG24[5], '', COM_getBlockTemplate('_admin_block', 'header'));
$display .= SEC_getTokenExpiryNotice($token, $LANG24[91]);
$display .= $story_templates->finish($story_templates->get_var('output'));
$display .= COM_endBlock(COM_getBlockTemplate('_admin_block', 'footer'));
return $display;
}
/**
* Remove a plugin that is sitting in the public/private tree.
* If they exist, the following directories are deleted recursively:
*
* 1. public_html/admin/plugins/{pi_name}
* 2. public_html/{pi_name}
* 3. private/plugins/{pi_name}
*
* @param pi_name string name of the plugin to remove
* @return string HTML for error or success message
*
*/
function PLUGINS_remove($pi_name)
{
global $_CONF, $LANG32;
$retval = '';
if (strlen($pi_name) == 0) {
$retval .= COM_showMessageText($LANG32[12], $LANG32[13], true);
COM_errorLog($LANG32[12]);
return $retval;
}
COM_errorLog("Removing the {$pi_name} plugin file structure");
$msg = '';
if (PLG_remove($pi_name)) {
COM_errorLog("Plugin removal was successful.");
$msg = 116;
$retval .= COM_showMessage(116);
} else {
COM_errorLog("Error removing the plugin file structure - the web server may not have sufficient permissions");
$msg = 95;
$retval .= COM_showMessage(95);
}
CTL_clearCache();
if ($msg != '') {
COM_setMessage($msg);
$refreshURL = $_CONF['site_admin_url'] . '/plugins.php';
} else {
$refreshURL = $_CONF['site_admin_url'] . '/plugins.php';
}
echo COM_refresh($refreshURL);
exit;
}
}
$full = 0;
if (isset($_REQUEST['f'])) {
$full = COM_applyFilter($_REQUEST['f'], true);
}
$mediaObject = 0;
if (isset($_REQUEST['s'])) {
$mediaObject = COM_applyFilter($_REQUEST['s'], true);
}
$sortOrder = 0;
if (isset($_REQUEST['sort'])) {
$sortOrder = COM_applyFilter($_REQUEST['sort'], true);
}
$sortID = 0;
if (isset($_REQUEST['i'])) {
$sortID = COM_applyFilter($_REQUEST['i'], true);
}
$page = 0;
if (isset($_REQUEST['p'])) {
$page = COM_applyFilter($_REQUEST['p'], true);
}
list($ptitle, $retval, $themeCSS, $album_id) = MG_displayMediaImage($mediaObject, $full, $sortOrder, 1, $sortID, $page);
$themeStyle = MG_getThemeCSS($album_id);
$display = MG_siteHeader($ptitle);
if ($msg != '') {
$display .= COM_showMessage($msg, 'mediagallery');
}
$display .= $retval;
$display .= MG_siteFooter();
echo $display;
exit;
}
if ($action == "") {
} else {
if (!SEC_checkToken()) {
COM_accessLog("User {$_USER['username']} tried to illegally and failed CSRF checks.");
echo COM_refresh($_CONF['site_admin_url'] . '/index.php');
exit;
}
}
$display = '';
$menuno = 6;
$information = array();
$information['pagetitle'] = $LANG_USERBOX_ADMIN['piname'] . "backup and restore";
$display .= ppNavbarjp($navbarMenu, $LANG_USERBOX_admin_menu[$menuno]);
if (isset($_REQUEST['msg'])) {
$display .= COM_showMessage(COM_applyFilter($_REQUEST['msg'], true), $pi_name);
}
switch ($action) {
case $LANG_USERBOX_ADMIN['config_init']:
$dummy = LIB_Deleteconfig($pi_name, $config);
$dummy = LIB_Initializeconfig($pi_name);
echo COM_refresh($_CONF['site_admin_url'] . '/plugins/userbox/backuprestore.php');
exit;
break;
case $LANG_USERBOX_ADMIN['config_backup']:
$display .= LIB_Backupconfig($pi_name);
break;
case $LANG_USERBOX_ADMIN['config_restore']:
$display .= LIB_Restoreconfig($pi_name, $config);
break;
case $LANG_USERBOX_ADMIN['config_update']:
/**
* List logged requests
*
* @param int $page page number
* @return string HTML for list of entries
*
*/
function _bb_listEntries($page = 1, $msg = '')
{
global $_CONF, $_USER, $_TABLES, $LANG_BAD_BEHAVIOR, $LANG_BB2_RESPONSE, $LANG_ADMIN;
$retval = '';
if ($page < 1) {
$page = 1;
}
$filter = 'all';
if (isset($_REQUEST['filter'])) {
$filter = COM_applyFilter($_REQUEST['filter']);
}
$where = '';
if ($filter != 'all') {
$where = ' WHERE ' . WP_BB_LOG . '.key="' . DB_escapeString($filter) . '"';
}
$start = ($page - 1) * 50;
if ($filter != 'all') {
$entries = DB_count(WP_BB_LOG, WP_BB_LOG . '.key', DB_escapeString($filter));
} else {
$entries = DB_count(WP_BB_LOG);
}
if ($start > $entries) {
$start = 1;
$page = 1;
}
$donate = $LANG_BAD_BEHAVIOR['description'];
if (DB_getItem($_TABLES['vars'], 'value', "name = 'bad_behavior2.donate'") == 1) {
$donate .= '<p>' . $LANG_BAD_BEHAVIOR['donate_msg'] . '</p>' . LB;
}
// writing the menu on top
$menu_arr = array(array('url' => $_CONF['site_admin_url'] . '/plugins/bad_behavior2/ban.php', 'text' => 'List Banned IPs'), array('url' => $_CONF['site_admin_url'] . '/plugins/bad_behavior2/ban.php?mode=add', 'text' => 'Ban IPs'), array('url' => $_CONF['site_admin_url'], 'text' => $LANG_ADMIN['admin_home']));
$retval .= COM_startBlock($LANG_BAD_BEHAVIOR['plugin_display_name'] . ' - ' . $LANG_BAD_BEHAVIOR['block_title_list'], '', COM_getBlockTemplate('_admin_block', 'header'));
$retval .= ADMIN_createMenu($menu_arr, $donate, $_CONF['site_url'] . '/bad_behavior2/images/bad_behavior2.png');
$retval .= '<br />';
if (!empty($msg)) {
$retval .= COM_showMessage($msg, 'bad_behavior2');
}
$templates = new Template($_CONF['path'] . 'plugins/' . BAD_BEHAVIOR_PLUGIN . '/templates');
$templates->set_file('list', 'log.thtml');
$templates->set_var(array('lang_ip' => $LANG_BAD_BEHAVIOR['row_ip'], 'lang_user_agent' => $LANG_BAD_BEHAVIOR['row_user_agent'], 'lang_referer' => $LANG_BAD_BEHAVIOR['row_referer'], 'lang_reason' => $LANG_BAD_BEHAVIOR['row_reason'], 'lang_response' => $LANG_BAD_BEHAVIOR['row_response'], 'lang_method' => $LANG_BAD_BEHAVIOR['row_method'], 'lang_protocol' => $LANG_BAD_BEHAVIOR['row_protocol'], 'lang_date' => $LANG_BAD_BEHAVIOR['row_date'], 'lang_search' => $LANG_BAD_BEHAVIOR['search'], 'lang_ip_date' => $LANG_BAD_BEHAVIOR['ip_date'], 'lang_headers' => $LANG_BAD_BEHAVIOR['headers'], 'lang_filter_select' => $LANG_BAD_BEHAVIOR['filter'], 'lang_go' => $LANG_BAD_BEHAVIOR['go']));
$filter_select = '<option value="all"';
if ($filter == '') {
$filter_select .= ' selected="selected" ';
}
$filter_select .= '>' . $LANG_BAD_BEHAVIOR['no_filter'] . '</option>';
foreach ($LANG_BB2_RESPONSE as $code => $text) {
$filter_select .= '<option value="' . $code . '"';
if ($filter == $code) {
$filter_select .= ' selected="selected" ';
}
$filter_select .= '>' . $text . '</option>';
}
$templates->set_var('filter_select', $filter_select);
$result = DB_query("SELECT id,ip,date,request_method,request_uri,server_protocol,http_headers,user_agent,request_entity,`key` FROM " . WP_BB_LOG . " " . $where . " ORDER BY date DESC LIMIT {$start},50");
$num = DB_numRows($result);
$templates->set_block('list', 'logrow', 'lrow');
for ($i = 0; $i < $num; $i++) {
$A = DB_fetchArray($result);
$lcount = 50 * ($page - 1) + $i + 1;
foreach ($A as $key => $val) {
$A[$key] = htmlspecialchars($val, ENT_QUOTES, COM_getEncodingt());
}
$dt = new Date($A['date'], $_USER['tzid']);
$headers = str_replace("\n", "<br/>\n", $A['http_headers']);
$headers = str_replace("User-Agent:", "<strong>User-Agent:</strong>", $headers);
$headers = str_replace("Host:", "<strong>Host:</strong>", $headers);
$headers = str_replace("POST ", "<strong>POST</strong> ", $headers);
$headers = str_replace("GET ", "<strong>GET</strong> ", $headers);
$headers = str_replace("Accept-Language:", "<strong>Accept-Language:</strong> ", $headers);
$headers = str_replace("Accept-Encoding:", "<strong>Accept-Encoding:</strong> ", $headers);
$headers = str_replace("Accept-Charset:", "<strong>Accept-Charset:</strong> ", $headers);
$headers = str_replace("X-Forwarded-For:", "<strong>X-Forwarded-For:</strong> ", $headers);
$headers = str_replace("Cookie:", "<strong>Cookie:</strong> ", $headers);
$headers = str_replace("Via:", "<strong>Via:</strong> ", $headers);
$headers = str_replace("Connection:", "<strong>Connection:</strong>", $headers);
$headers = str_replace("Accept:", "<strong>Accept:</strong>", $headers);
$headers = str_replace("Cache-Control:", "<strong>Cache-Control:</strong>", $headers);
$headers = str_replace("Referer:", "<strong>Referer:</strong>", $headers);
$headers = str_replace("Pragma:", "<strong>Pragma:</strong>", $headers);
$headers = str_replace("Proxy-", "<strong>Proxy-</strong>", $headers);
$headers = str_replace("Cf-Connecting-Ip", "<strong>Cf-Connecting-Ip</strong>", $headers);
$headers = str_replace("Cf-Ipcountry", "<strong>Cf-Ipcountry</strong>", $headers);
$headers = str_replace("X-Forwarded-Proto", "<strong>X-Forwarded-Proto</strong>", $headers);
$headers = str_replace("Cf-Visitor", "<strong>Cf-Visitor</strong>", $headers);
$headers = str_replace("X-Http-Proto", "<strong>X-Http-Proto</strong>", $headers);
$headers = str_replace("X-Real-Ip", "<strong>X-Real-Ip</strong>", $headers);
$headers = str_replace("Content-Length", "<strong>Content-Length</strong>", $headers);
$headers = str_replace("Content-Type", "<strong>Content-Type</strong>", $headers);
$headers = str_replace("Te:", "<strong>Te:</strong>", $headers);
$headers = str_replace("Expect:", "<strong>Expect:</strong>", $headers);
$headers = str_replace("Dnt:", "<strong>Dnt:</strong>", $headers);
$entity = str_replace("\n", "<br/>\n", $A["request_entity"]);
$templates->set_var(array('row_num' => $lcount, 'cssid' => $i % 2 + 1, 'id' => $A['id'], 'ip' => $A['ip'], 'request_method' => $A['request_method'], 'http_host' => $A['request_uri'], 'server_protocol' => $A['server_protocol'], 'http_referer' => $headers, 'reason' => $LANG_BB2_RESPONSE[$A['key']], 'http_user_agent' => $A['user_agent'], 'http_response' => $entity, 'date_and_time' => $dt->toRFC822(true)));
$url = $_CONF['site_admin_url'] . '/plugins/' . BAD_BEHAVIOR_PLUGIN . '/index.php?mode=view&id=' . $A['id'];
if ($page > 1) {
$url .= '&page=' . $page;
}
$templates->set_var('start_headers_anchortag', '<a href="' . $url . '" title="' . $LANG_BAD_BEHAVIOR['title_show_headers'] . '">');
$templates->set_var('end_headers_anchortag', '</a>');
if (!empty($_CONF['ip_lookup'])) {
$iplookup = str_replace('*', $A['ip'], $_CONF['ip_lookup']);
$templates->set_var('start_ip_lookup_anchortag', '<a href="' . $iplookup . '" title="' . $LANG_BAD_BEHAVIOR['title_lookup_ip'] . '" target="_new">');
$templates->set_var('end_ip_lookup_anchortag', '</a>');
} else {
$templates->set_var('start_ip_lookup_anchortag', '');
$templates->set_var('end_ip_lookup_anchortag', '');
}
$templates->parse('lrow', 'logrow', true);
}
if ($entries > 50) {
$baseurl = $_CONF['site_admin_url'] . '/plugins/' . BAD_BEHAVIOR_PLUGIN . '/index.php?mode=list&filter=' . $filter;
$numpages = ceil($entries / 50);
$templates->set_var('google_paging', COM_printPageNavigation($baseurl, $page, $numpages));
} else {
$templates->set_var('google_paging', '');
}
$templates->parse('output', 'list');
$retval .= $templates->finish($templates->get_var('output'));
$retval .= COM_endBlock(COM_getBlockTemplate('_admin_block', 'footer'));
return $retval;
}
function _checkHasAccess()
{
global $_USER, $LANG_DLM;
// only users who belong to the Root group can full access
if (!SEC_inGroup('Root')) {
// deny access
COM_accessLog("User {$_USER['username']} tried illegally to edit category {$this->_cid}.");
$display = COM_showMessage(6, 'downloads');
$display = DLM_createHTMLDocument($display, array('pagetitle' => $LANG_DLM['manager']));
COM_output($display);
exit;
}
}
/**
* Perform database backup
*
* @return string HTML success or error message
*/
function DBADMIN_backup()
{
global $_VARS, $_CONF, $LANG08, $LANG_DB_BACKUP, $MESSAGE, $_IMAGE_TYPE, $_DB_host, $_DB_name, $_DB_user, $_DB_pass, $_DB_mysqldump_path;
$retval = '';
if (is_dir($_CONF['backup_path'])) {
$curdatetime = date('Y_m_d_H_i_s');
$backupfile = "{$_VARS['lglib_backup_path']}glfusion_db_backup_{$curdatetime}.sql";
$command = '"' . $_DB_mysqldump_path . '" ' . " -h{$_DB_host} -u{$_DB_user}";
if (!empty($_DB_pass)) {
$command .= " -p" . escapeshellarg($_DB_pass);
$parg = " -p" . escapeshellarg($_DB_pass);
}
if (!empty($_CONF['mysqldump_options'])) {
$command .= ' ' . $_CONF['mysqldump_options'];
}
$command .= " {$_DB_name} > \"{$backupfile}\"";
$log_command = $command;
if (!empty($_DB_pass)) {
$log_command = str_replace($parg, ' -p*****', $command);
}
if (function_exists('is_executable')) {
$canExec = @is_executable($_DB_mysqldump_path);
} else {
$canExec = @file_exists($_DB_mysqldump_path);
}
if ($canExec) {
DBADMIN_exec($command);
// See if we got a backup file, and if it's reasonable (size > 1KB)
if (file_exists($backupfile) && filesize($backupfile) > 1024) {
@chmod($backupfile, 0644);
$retval .= COM_showMessage(93);
} else {
$retval .= COM_showMessage(94);
COM_errorLog('Backup Filesize was less than 1kb', 1);
COM_errorLog("Command used for mysqldump: {$log_command}", 1);
}
} else {
$retval .= COM_startBlock($LANG08[06], '', COM_getBlockTemplate('_msg_block', 'header'));
$retval .= $LANG_DB_BACKUP['not_found'];
$retval .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
COM_errorLog('Backup Error: Bad path, mysqldump does not exist or open_basedir restriction in effect.', 1);
COM_errorLog("Command used for mysqldump: {$log_command}", 1);
}
} else {
$retval .= COM_startBlock($MESSAGE[30], '', COM_getBlockTemplate('_msg_block', 'header'));
$retval .= $LANG_DB_BACKUP['path_not_found'];
$retval .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
COM_errorLog("Backup directory '" . $_CONF['backup_path'] . "' does not exist or is not a directory", 1);
}
return $retval;
}
/**
* Adds an event to the user's calendar
*
* The user has asked that an event be added to their personal
* calendar. Show a confirmation screen.
*
* @param string $eid event ID to add to user's calendar
* @return string HTML for confirmation form
*
*/
function adduserevent($eid)
{
global $_CONF, $_TABLES, $LANG_CALJP_1;
$retval = '';
$eventsql = "SELECT * FROM {$_TABLES['eventsjp']} WHERE eid='{$eid}'" . COM_getPermSql('AND');
$result = DB_query($eventsql);
$nrows = DB_numRows($result);
if ($nrows == 1) {
$retval .= COM_startBlock(sprintf($LANG_CALJP_1[11], COM_getDisplayName()));
$A = DB_fetchArray($result);
$cal_template = COM_newTemplate($_CONF['path'] . 'plugins/calendarjp/templates/');
$cal_template->set_file(array('addevent' => 'addevent.thtml'));
$cal_template->set_var('intro_msg', $LANG_CALJP_1[8]);
$cal_template->set_var('lang_event', $LANG_CALJP_1[12]);
$event_title = stripslashes($A['title']);
if (!empty($A['url']) && $A['url'] != 'http://') {
$event_title_and_url = COM_createLink($event_title, $A['url'], array('class' => 'url'));
$cal_template->set_var('event_url', $A['url']);
$cal_template->set_var('event_begin_anchortag', '<a href="' . $A['url'] . '" class="url">');
$cal_template->set_var('event_end_anchortag', '</a>');
} else {
$event_title_and_url = $event_title;
$cal_template->set_var('event_url', '');
$cal_template->set_var('event_begin_anchortag', '');
$cal_template->set_var('event_end_anchortag', '');
}
$cal_template->set_var('event_title', $event_title_and_url);
$cal_template->set_var('event_title_only', $event_title);
$cal_template->set_var('lang_starts', $LANG_CALJP_1[13]);
$cal_template->set_var('lang_ends', $LANG_CALJP_1[14]);
$thestart = COM_getUserDateTimeFormat($A['datestart'] . ' ' . $A['timestart']);
$theend = COM_getUserDateTimeFormat($A['dateend'] . ' ' . $A['timeend']);
if ($A['allday'] == 0) {
$cal_template->set_var('event_start', $thestart[0]);
$cal_template->set_var('event_end', $theend[0]);
} else {
$cal_template->set_var('event_start', strftime($_CONF['shortdate'], $thestart[1]));
$cal_template->set_var('event_end', strftime($_CONF['shortdate'], $theend[1]));
}
$cal_template->set_var('lang_where', $LANG_CALJP_1[4]);
$location = stripslashes($A['location']) . '<br' . XHTML . '>' . stripslashes($A['address1']) . '<br' . XHTML . '>' . stripslashes($A['address2']) . '<br' . XHTML . '>' . stripslashes($A['city']) . ', ' . stripslashes($A['state']) . ' ' . $A['zipcode'];
$cal_template->set_var('event_location', $location);
$cal_template->set_var('lang_description', $LANG_CALJP_1[5]);
$description = stripslashes($A['description']);
if (empty($A['postmode']) || $A['postmode'] == 'plaintext') {
$description = COM_nl2br($description);
}
$cal_template->set_var('event_description', PLG_replaceTags($description));
$cal_template->set_var('event_id', $eid);
$cal_template->set_var('lang_addtomycalendar', $LANG_CALJP_1[9]);
$cal_template->set_var('gltoken_name', CSRF_TOKEN);
$cal_template->set_var('gltoken', SEC_createToken());
$cal_template->parse('output', 'addevent');
$retval .= $cal_template->finish($cal_template->get_var('output'));
$retval .= COM_endBlock();
} else {
$retval .= COM_showMessage(23);
}
return $retval;
}
if (isset($_GET['uid'])) {
$uid = COM_applyFilter($_GET['uid'], true);
}
if ($uid == 1) {
echo COM_refresh($_CONF['site_admin_url'] . '/index.php');
exit;
}
$display .= edituser($uid, $msg);
$display = COM_createHTMLDocument($display, array('pagetitle' => $LANG28[1]));
} elseif ($mode == 'import' && SEC_checkToken()) {
$display .= importusers();
} elseif ($mode == 'importform') {
$display .= display_batchAddform();
} elseif ($mode == 'batchdelete') {
$display .= batchdelete();
$display = COM_createHTMLDocument($display, array('pagetitle' => $LANG28[54]));
} elseif ($mode == $LANG28[78] && !empty($LANG28[78]) && SEC_checkToken()) {
$msg = batchreminders();
$display .= COM_showMessage($msg) . batchdelete();
$display = COM_createHTMLDocument($display, array('pagetitle' => $LANG28[11]));
} elseif ($mode == 'batchdeleteexec' && SEC_checkToken()) {
$msg = batchdeleteexec();
$display .= COM_showMessage($msg) . batchdelete();
$display = COM_createHTMLDocument($display, array('pagetitle' => $LANG28[11]));
} else {
// 'cancel' or no mode at all
$display .= COM_showMessageFromParameter();
$display .= listusers();
$display = COM_createHTMLDocument($display, array('pagetitle' => $LANG28[11]));
}
COM_output($display);
/**
* Shows the story submission form
*
*/
function submitstory()
{
global $_CONF, $_TABLES, $_USER, $LANG01, $LANG12, $LANG24, $_SCRIPTS;
// Add JavaScript
$_SCRIPTS->setJavaScriptFile('postmode_control', '/javascript/postmode_control.js');
$retval = '';
$story = new Story();
if (isset($_POST['mode']) && $_POST['mode'] == $LANG12[32]) {
// preview
$story->loadSubmission();
$retval .= COM_startBlock($LANG12[32]) . STORY_renderArticle($story, 'p') . COM_endBlock();
} else {
$story->initSubmission();
}
$storyform = COM_newTemplate($_CONF['path_layout'] . 'submit');
if ($_CONF['advanced_editor'] && $_USER['advanced_editor']) {
$storyform->set_file('storyform', 'submitstory_advanced.thtml');
$storyform->set_var('change_editormode', 'onchange="change_editmode(this);"');
$storyform->set_var('lang_expandhelp', $LANG24[67]);
$storyform->set_var('lang_reducehelp', $LANG24[68]);
$link_message = COM_isAnonUser() ? '' : $LANG01[138];
$storyform->set_var('noscript', COM_getNoScript(false, '', $link_message));
// Setup Advanced Editor
COM_setupAdvancedEditor('/javascript/submitstory_adveditor.js');
if ($story->EditElements('postmode') === 'html') {
$storyform->set_var('show_texteditor', 'none');
$storyform->set_var('show_htmleditor', '');
} else {
$storyform->set_var('show_texteditor', '');
$storyform->set_var('show_htmleditor', 'none');
}
} else {
$storyform->set_file('storyform', 'submitstory.thtml');
if ($story->EditElements('postmode') === 'html') {
$storyform->set_var('show_texteditor', 'none');
$storyform->set_var('show_htmleditor', '');
} else {
$storyform->set_var('show_texteditor', '');
$storyform->set_var('show_htmleditor', 'none');
}
}
$storyform->set_var('lang_username', $LANG12[27]);
if (!COM_isAnonUser()) {
$storyform->set_var('story_username', $_USER['username']);
$storyform->set_var('author', COM_getDisplayName());
$storyform->set_var('status_url', $_CONF['site_url'] . '/users.php?mode=logout');
$storyform->set_var('lang_loginout', $LANG12[34]);
} else {
$storyform->set_var('status_url', $_CONF['site_url'] . '/users.php');
$storyform->set_var('lang_loginout', $LANG12[2]);
if (!$_CONF['disable_new_user_registration']) {
$storyform->set_var('separator', ' | ');
$storyform->set_var('seperator', ' | ');
$storyform->set_var('create_account', COM_createLink($LANG12[53], $_CONF['site_url'] . '/users.php?mode=new', array('rel' => 'nofollow')));
}
}
$storyform->set_var('lang_title', $LANG12[10]);
$storyform->set_var('story_title', $story->EditElements('title'));
$storyform->set_var('lang_topic', $LANG12[28]);
$tlist = TOPIC_getTopicSelectionControl('article', '', false, false, false);
$storyform->set_var('topic_selection', $tlist);
if (empty($tlist)) {
$retval .= COM_showMessage(101);
return $retval;
}
$storyform->set_var('story_topic_options', $tlist);
$storyform->set_var('lang_story', $LANG12[29]);
$storyform->set_var('lang_introtext', $LANG12[54]);
$storyform->set_var('lang_bodytext', $LANG12[55]);
$storyform->set_var('story_introtext', $story->EditElements('introtext'));
$storyform->set_var('story_bodytext', $story->EditElements('bodytext'));
$storyform->set_var('lang_postmode', $LANG12[36]);
$postmode = $story->EditElements('postmode');
$storyform->set_var('story_postmode_options', COM_optionList($_TABLES['postmodes'], 'code,name', $postmode));
$allowed_html = '';
foreach (array('plaintext', 'html') as $pm) {
$allowed_html .= COM_allowedHTML('story.edit', false, 1, $pm);
}
$allowed_html .= COM_allowedAutotags();
$storyform->set_var('allowed_html', $allowed_html);
$storyform->set_var('story_uid', $story->EditElements('uid'));
$storyform->set_var('story_sid', $story->EditElements('sid'));
$storyform->set_var('story_date', $story->EditElements('unixdate'));
$storyform->set_var('lang_preview', $LANG12[32]);
PLG_templateSetVars('story', $storyform);
if ($_CONF['skip_preview'] == 1 || isset($_POST['mode']) && $_POST['mode'] == $LANG12[32]) {
$storyform->set_var('save_button', '<input name="mode" type="submit" value="' . $LANG12[8] . '"' . XHTML . '>');
}
$retval .= COM_startBlock($LANG12[6], 'submitstory.html');
$storyform->parse('theform', 'storyform');
$retval .= $storyform->finish($storyform->get_var('theform'));
$retval .= COM_endBlock();
return $retval;
}
/**
* Display form to email a story to someone.
*
* @param string $sid ID of article to email
* @return string HTML for email story form
*
*/
function mailstoryform($sid, $to = '', $toemail = '', $from = '', $fromemail = '', $shortmsg = '', $msg = 0)
{
global $_CONF, $_TABLES, $_USER, $LANG08, $LANG_LOGIN;
require_once $_CONF['path_system'] . 'lib-story.php';
$retval = '';
if (COM_isAnonUser() && ($_CONF['loginrequired'] == 1 || $_CONF['emailstoryloginrequired'] == 1)) {
$retval = COM_startBlock($LANG_LOGIN[1], '', COM_getBlockTemplate('_msg_block', 'header'));
$login = new Template($_CONF['path_layout'] . 'submit');
$login->set_file(array('login' => 'submitloginrequired.thtml'));
$login->set_var('xhtml', XHTML);
$login->set_var('site_url', $_CONF['site_url']);
$login->set_var('site_admin_url', $_CONF['site_admin_url']);
$login->set_var('layout_url', $_CONF['layout_url']);
$login->set_var('login_message', $LANG_LOGIN[2]);
$login->set_var('lang_login', $LANG_LOGIN[3]);
$login->set_var('lang_newuser', $LANG_LOGIN[4]);
$login->parse('output', 'login');
$retval .= $login->finish($login->get_var('output'));
$retval .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
return $retval;
}
$story = new Story();
$result = $story->loadFromDatabase($sid, 'view');
if ($result != STORY_LOADED_OK) {
return COM_refresh($_CONF['site_url'] . '/index.php');
}
if ($msg > 0) {
$retval .= COM_showMessage($msg);
}
if (empty($from) && empty($fromemail)) {
if (!COM_isAnonUser()) {
$from = COM_getDisplayName($_USER['uid'], $_USER['username'], $_USER['fullname']);
$fromemail = DB_getItem($_TABLES['users'], 'email', "uid = {$_USER['uid']}");
}
}
$mail_template = new Template($_CONF['path_layout'] . 'profiles');
$mail_template->set_file('form', 'contactauthorform.thtml');
$mail_template->set_var('xhtml', XHTML);
$mail_template->set_var('site_url', $_CONF['site_url']);
$mail_template->set_var('site_admin_url', $_CONF['site_admin_url']);
$mail_template->set_var('layout_url', $_CONF['layout_url']);
$mail_template->set_var('start_block_mailstory2friend', COM_startBlock($LANG08[17]));
$mail_template->set_var('lang_title', $LANG08[31]);
$mail_template->set_var('story_title', $story->displayElements('title'));
$url = COM_buildUrl($_CONF['site_url'] . '/article.php?story=' . $sid);
$mail_template->set_var('story_url', $url);
$link = COM_createLink($story->displayElements('title'), $url);
$mail_template->set_var('story_link', $link);
$mail_template->set_var('lang_fromname', $LANG08[20]);
$mail_template->set_var('name', $from);
$mail_template->set_var('lang_fromemailaddress', $LANG08[21]);
$mail_template->set_var('email', $fromemail);
$mail_template->set_var('lang_toname', $LANG08[18]);
$mail_template->set_var('toname', $to);
$mail_template->set_var('lang_toemailaddress', $LANG08[19]);
$mail_template->set_var('toemail', $toemail);
$mail_template->set_var('lang_cc', $LANG08[36]);
$mail_template->set_var('lang_cc_description', $LANG08[37]);
$mail_template->set_var('lang_shortmessage', $LANG08[27]);
$mail_template->set_var('shortmsg', htmlspecialchars($shortmsg));
$mail_template->set_var('lang_warning', $LANG08[22]);
$mail_template->set_var('lang_sendmessage', $LANG08[16]);
$mail_template->set_var('story_id', $sid);
$mail_template->set_var('end_block', COM_endBlock());
PLG_templateSetVars('emailstory', $mail_template);
$mail_template->parse('output', 'form');
$retval .= $mail_template->finish($mail_template->get_var('output'));
return $retval;
}
/**
* Shows the story submission form
*
*/
function submitstory($topic = '')
{
global $_CONF, $_TABLES, $_USER, $LANG12, $LANG24;
$retval = '';
$story = new Story();
if (isset($_POST['mode']) && $_POST['mode'] == $LANG12[32]) {
// preview
$story->loadSubmission();
$retval .= COM_startBlock($LANG12[32]) . STORY_renderArticle($story, 'p') . COM_endBlock();
} else {
$story->initSubmission($topic);
}
$storyform = new Template($_CONF['path_layout'] . 'submit');
if (isset($_CONF['advanced_editor']) && $_CONF['advanced_editor'] == 1 && file_exists($_CONF['path_layout'] . 'submit/submitstory_advanced.thtml')) {
$storyform->set_file('storyform', 'submitstory_advanced.thtml');
$storyform->set_var('change_editormode', 'onchange="change_editmode(this);"');
$storyform->set_var('lang_expandhelp', $LANG24[67]);
$storyform->set_var('lang_reducehelp', $LANG24[68]);
if ($story->EditElements('postmode') == 'html') {
$storyform->set_var('show_texteditor', 'none');
$storyform->set_var('show_htmleditor', '');
} else {
$storyform->set_var('show_texteditor', '');
$storyform->set_var('show_htmleditor', 'none');
}
} else {
$storyform->set_file('storyform', 'submitstory.thtml');
if ($story->EditElements('postmode') == 'html') {
$storyform->set_var('show_texteditor', 'none');
$storyform->set_var('show_htmleditor', '');
} else {
$storyform->set_var('show_texteditor', '');
$storyform->set_var('show_htmleditor', 'none');
}
}
$storyform->set_var('xhtml', XHTML);
$storyform->set_var('site_url', $_CONF['site_url']);
$storyform->set_var('site_admin_url', $_CONF['site_admin_url']);
$storyform->set_var('layout_url', $_CONF['layout_url']);
$storyform->set_var('lang_username', $LANG12[27]);
if (!empty($_USER['username'])) {
$storyform->set_var('story_username', $_USER['username']);
$storyform->set_var('author', COM_getDisplayName());
$storyform->set_var('status_url', $_CONF['site_url'] . '/users.php?mode=logout');
$storyform->set_var('lang_loginout', $LANG12[34]);
} else {
$storyform->set_var('status_url', $_CONF['site_url'] . '/users.php');
$storyform->set_var('lang_loginout', $LANG12[2]);
if (!$_CONF['disable_new_user_registration']) {
$storyform->set_var('separator', ' | ');
$storyform->set_var('seperator', ' | ');
$storyform->set_var('create_account', COM_createLink($LANG12[53], $_CONF['site_url'] . '/users.php?mode=new', array('rel' => "nofollow")));
}
}
$storyform->set_var('lang_title', $LANG12[10]);
$storyform->set_var('story_title', $story->EditElements('title'));
$storyform->set_var('lang_topic', $LANG12[28]);
$tlist = COM_topicList('tid,topic', $story->EditElements('tid'));
if (empty($tlist)) {
$retval .= COM_showMessage(101);
return $retval;
}
$storyform->set_var('story_topic_options', $tlist);
$storyform->set_var('lang_story', $LANG12[29]);
$storyform->set_var('lang_introtext', $LANG12[54]);
$storyform->set_var('lang_bodytext', $LANG12[55]);
$storyform->set_var('story_introtext', $story->EditElements('introtext'));
$storyform->set_var('story_bodytext', $story->EditElements('bodytext'));
$storyform->set_var('lang_postmode', $LANG12[36]);
$storyform->set_var('story_postmode_options', COM_optionList($_TABLES['postmodes'], 'code,name', $story->EditElements('postmode')));
$storyform->set_var('allowed_html', COM_allowedHTML());
$storyform->set_var('story_uid', $story->EditElements('uid'));
$storyform->set_var('story_sid', $story->EditElements('sid'));
$storyform->set_var('story_date', $story->EditElements('unixdate'));
$storyform->set_var('lang_preview', $LANG12[32]);
PLG_templateSetVars('story', $storyform);
if ($_CONF['skip_preview'] == 1 || isset($_POST['mode']) && $_POST['mode'] == $LANG12[32]) {
$storyform->set_var('save_button', '<input name="mode" type="submit" value="' . $LANG12[8] . '"' . XHTML . '>');
}
$retval .= COM_startBlock($LANG12[6], 'submitstory.html');
$storyform->parse('theform', 'storyform');
$retval .= $storyform->finish($storyform->get_var('theform'));
$retval .= COM_endBlock();
return $retval;
}
case 'save':
// 保存
$retval = LIB_Save($pi_name, $edt_flg, $navbarMenu, $menuno);
$information['pagetitle'] = $retval['title'];
$display .= $retval['display'];
break;
case 'delete':
// 削除
$display .= LIB_delete($pi_name);
break;
case 'copy':
//コピー
//コピー
case 'edit':
// 編集
if (!empty($id)) {
$information['pagetitle'] = $LANG_DATABOX_ADMIN['piname'] . $LANG_DATABOX_ADMIN['edit'];
$display .= LIB_Edit($pi_name, $id, $edt_flg, $msg, "", $mode);
}
break;
default:
// 初期表示、一覧表示
$information['pagetitle'] = $LANG_DATABOX_ADMIN['piname'];
if (isset($msg)) {
$display .= COM_showMessage($msg, $pi_name);
}
$display .= LIB_List($pi_name);
}
$display = COM_startBlock($LANG_DATABOX_ADMIN['piname'], '', COM_getBlockTemplate('_admin_block', 'header')) . ppNavbarjp($navbarMenu, $LANG_DATABOX_admin_menu[$menuno]) . LIB_Menu($pi_name) . $display . COM_endBlock(COM_getBlockTemplate('_admin_block', 'footer'));
$display = DATABOX_displaypage($pi_name, '_admin', $display, $information);
COM_output($display);
$cid = '';
if (isset($_POST['cid'])) {
$cid = $_POST['cid'];
}
$display .= savelink(COM_applyFilter($_POST['lid']), COM_applyFilter($_POST['old_lid']), $cid, $_POST['categorydd'], $_POST['url'], $_POST['description'], $_POST['title'], COM_applyFilter($_POST['hits'], true), COM_applyFilter($_POST['owner_id'], true), COM_applyFilter($_POST['group_id'], true), $_POST['perm_owner'], $_POST['perm_group'], $_POST['perm_members'], $_POST['perm_anon']);
} else {
if ($mode == 'editsubmission') {
$display .= editlink($mode, COM_applyFilter($_GET['id']));
$display = COM_createHTMLDocument($display, array('pagetitle' => $LANG_LINKS_ADMIN[1]));
} else {
if ($mode == 'edit') {
if (empty($_GET['lid'])) {
$display .= editlink($mode);
} else {
$display .= editlink($mode, COM_applyFilter($_GET['lid']));
}
$display = COM_createHTMLDocument($display, array('pagetitle' => $LANG_LINKS_ADMIN[1]));
} else {
// 'cancel' or no mode at all
if (isset($_GET['msg'])) {
$msg = COM_applyFilter($_GET['msg'], true);
if ($msg > 0) {
$display .= COM_showMessage($msg, 'links');
}
}
$display .= listlinks();
$display = COM_createHTMLDocument($display, array('pagetitle' => $LANG_LINKS_ADMIN[11]));
}
}
}
COM_output($display);
